Source: F63V4i8eZU.exe | Malware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_QVwo"} |
Source: F63V4i8eZU.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: | Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\ISOL.pdb source: F63V4i8eZU.exe |
Source: Malware configuration extractor | URLs: https://kinmirai.org/wp-content/bin_QVwo |
Source: F63V4i8eZU.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: F63V4i8eZU.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: F63V4i8eZU.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: F63V4i8eZU.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: F63V4i8eZU.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: F63V4i8eZU.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: F63V4i8eZU.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: F63V4i8eZU.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: F63V4i8eZU.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: F63V4i8eZU.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D55BB NtAllocateVirtualMemory, | 0_2_021D55BB |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D5724 NtAllocateVirtualMemory, | 0_2_021D5724 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D55F6 NtAllocateVirtualMemory, | 0_2_021D55F6 |
Source: F63V4i8eZU.exe | Static PE information: invalid certificate |
Source: F63V4i8eZU.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: F63V4i8eZU.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: F63V4i8eZU.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: F63V4i8eZU.exe, 00000000.00000002.735395303.0000000000438000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameISOL.exe vs F63V4i8eZU.exe |
Source: F63V4i8eZU.exe | Binary or memory string: OriginalFilenameISOL.exe vs F63V4i8eZU.exe |
Source: classification engine | Classification label: mal88.troj.evad.winEXE@1/0@0/0 |
Source: F63V4i8eZU.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: F63V4i8eZU.exe | Virustotal: Detection: 10% |
Source: F63V4i8eZU.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: Yara match | File source: 00000000.00000002.737783934.00000000021D0000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | RDTSC instruction interceptor: First address: 00000000021D0182 second address: 00000000021D0182 instructions: |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | RDTSC instruction interceptor: First address: 00000000021D6E61 second address: 00000000021D6E61 instructions: |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | RDTSC instruction interceptor: First address: 00000000021D01B2 second address: 00000000021D01B2 instructions: |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | RDTSC instruction interceptor: First address: 00000000021D78FC second address: 00000000021D790A instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a pushad 0x0000000b lfence 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | RDTSC instruction interceptor: First address: 00000000021D790A second address: 00000000021D79F6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov esi, DCAAA67Fh 0x00000010 test dl, dl 0x00000012 xor esi, F2CCAB26h 0x00000018 test edx, edx 0x0000001a sub esi, 536EBD65h 0x00000020 test bh, ch 0x00000022 xor esi, DAF7BFF4h 0x00000028 test ecx, ecx 0x0000002a test bx, cx 0x0000002d add esi, 00001000h 0x00000033 test bx, ax 0x00000036 cmp cl, dl 0x00000038 cmp bx, dx 0x0000003b mov dword ptr [ebp+000001F8h], FC14852Ch 0x00000045 test ebx, ecx 0x00000047 xor dword ptr [ebp+000001F8h], 83A94D75h 0x00000051 xor dword ptr [ebp+000001F8h], AA3F6E81h 0x0000005b cmp ah, 00000015h 0x0000005e sub dword ptr [ebp+000001F8h], D581B6D8h 0x00000068 cmp esi, dword ptr [ebp+000001F8h] 0x0000006e je 00007F8568CA0D1Ah 0x00000074 mov dword ptr [ebp+00000204h], 67BCF0E4h 0x0000007e xor dword ptr [ebp+00000204h], E457B680h 0x00000088 xor dword ptr [ebp+00000204h], E04C2F31h 0x00000092 xor dword ptr [ebp+00000204h], 1C589955h 0x0000009c cmp ch, dh 0x0000009e cmp esi, dword ptr [ebp+00000204h] 0x000000a4 je 00007F8568CA0CE4h 0x000000aa test cl, dl 0x000000ac mov dword ptr [ebp+00000246h], eax 0x000000b2 mov eax, 03147A97h 0x000000b7 cmp ecx, ecx 0x000000b9 xor eax, 4F08C75Bh 0x000000be cmp cl, al 0x000000c0 sub eax, 1A91E3C1h 0x000000c5 sub eax, 318ADA0Bh 0x000000ca push eax 0x000000cb mov eax, dword ptr [ebp+00000246h] 0x000000d1 cmp bh, ah 0x000000d3 push 25819736h 0x000000d8 sub dword ptr [esp], 3CB652F7h 0x000000df xor dword ptr [esp], 3AF83707h 0x000000e6 pushad 0x000000e7 mov ebx, 000000DBh 0x000000ec rdtsc |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Process Stats: CPU usage > 90% for more than 60s |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D5201 mov eax, dword ptr fs:[00000030h] | 0_2_021D5201 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D7365 mov eax, dword ptr fs:[00000030h] | 0_2_021D7365 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D33A7 mov eax, dword ptr fs:[00000030h] | 0_2_021D33A7 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D33EC mov eax, dword ptr fs:[00000030h] | 0_2_021D33EC |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D28E2 mov eax, dword ptr fs:[00000030h] | 0_2_021D28E2 |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D7EFC mov eax, dword ptr fs:[00000030h] | 0_2_021D7EFC |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D348A mov eax, dword ptr fs:[00000030h] | 0_2_021D348A |
Source: C:\Users\user\Desktop\F63V4i8eZU.exe | Code function: 0_2_021D6D92 mov eax, dword ptr fs:[00000030h] | 0_2_021D6D92 |
Source: F63V4i8eZU.exe, 00000000.00000002.736824672.0000000000C50000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: F63V4i8eZU.exe, 00000000.00000002.736824672.0000000000C50000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: F63V4i8eZU.exe, 00000000.00000002.736824672.0000000000C50000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: F63V4i8eZU.exe, 00000000.00000002.736824672.0000000000C50000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |