Source: |
Binary string: PresentationFramework.Aero2.pdbl source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationFramework.pdb source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: sBase.pdbX source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.ni.pdbRSDSD source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xml.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: WindowsBase.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.ni.pdbRSDS source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: j8C:\Windows\WindowsBase.pdb source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: WindowsBase.ni.pdbRSDS source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Configuration.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Configuration.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xml.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: WindowsBase.pdb"b source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.pdb\?jk`rkH]o source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: symbols\dll\WindowsBase.pdb source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.ni.pdbRSDS~J source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationCore.ni.pdbRSDS source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xaml.pdbjRjj source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: WindowsBase.pdb source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xaml.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.pdb source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xaml.ni.pdbRSDS| source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationFramework.Aero2.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationCore.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Xaml.pdb source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationFramework.Aero2.ni.pdbRSDSl source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationFramework.Aero2.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Core.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.Configuration.ni.pdbRSDSO* source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: WindowsBase.pdbwsBase.pdbpdbase.pdbSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdb source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: olPUTAxpzu.exe, 00000000.00000002.413914180.000000000097A000.00000040.00000001.01000000.00000003.sdmp, olPUTAxpzu.exe, 00000000.00000000.371137448.000000000097A000.00000040.00000001.01000000.00000003.sdmp, olPUTAxpzu.exe, 00000000.00000000.378546350.000000000097A000.00000040.00000001.01000000.00000003.sdmp |
Source: |
Binary string: .pdb source: olPUTAxpzu.exe, 00000000.00000002.417796226.0000000001568000.00000004.00000010.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.374118192.0000000001568000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdbRSDS source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: PresentationFramework.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: C:\Users\WaterSmoke\source\repos\BHLoaderNew\BHLoaderNew\obj\Release\BHLoaderNew.pdb source: olPUTAxpzu.exe |
Source: |
Binary string: PresentationCore.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: |
Binary string: System.ni.pdb source: WER6D9B.tmp.dmp.4.dr |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://defaultcontainer/Login.xaml |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://defaultcontainer/bhicon.png |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/Login.xaml |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/bar/bhicon.png |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/bar/login.baml |
Source: olPUTAxpzu.exe, 00000000.00000002.419132716.0000000003B31000.00000004.00000800.00020000.00000000.sdmp, olPUTAxpzu.exe, 00000000.00000000.375588504.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/bhicon.png |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://pki-crl.symauth.com/ca_d409a5cb737dc0768fd08ed5256f3633/LatestCRL.crl07 |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://pki-ocsp.symauth.com0 |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: olPUTAxpzu.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/Driver/Driver1.8_x64.sys |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/Online/get_online_users.php?username= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/Online/set_online_status.php?username= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/info/cheat_status.php?hack_id= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/loader_authentification_new.php?username= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/loader_cheat_info_ex.php?index= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/loader_get_cheats.php?username= |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/loader_statut_new.php |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/loader_version.php |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutal-hax.net/notification.txt |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://api.brutalhax.net/ |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://brutal-hax.net/ |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://discord.gg/brutal-hax |
Source: olPUTAxpzu.exe |
String found in binary or memory: https://help.ea.com/en/help/faq/how-to-clean-boot-your-pc/ |
Source: olPUTAxpzu.exe, 00000000.00000000.378336036.0000000000950000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameBHLoaderNew.exe8 vs olPUTAxpzu.exe |
Source: olPUTAxpzu.exe, 00000000.00000000.355628336.0000000000970000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameBHLoaderNew.exe8 vs olPUTAxpzu.exe |
Source: olPUTAxpzu.exe |
Binary or memory string: OriginalFilenameBHLoaderNew.exe8 vs olPUTAxpzu.exe |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll |
Source: C:\Windows\SysWOW64\WerFault.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll |
Source: unknown |
Process created: C:\Users\user\Desktop\olPUTAxpzu.exe "C:\Users\user\Desktop\olPUTAxpzu.exe" |
|
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1240 |
Source: olPUTAxpzu.exe |
Static PE information: section name: |
Source: olPUTAxpzu.exe |
Static PE information: section name: |
Source: olPUTAxpzu.exe |
Static PE information: section name: |
Source: olPUTAxpzu.exe |
Static PE information: section name: .imports |
Source: olPUTAxpzu.exe |
Static PE information: section name: .themida |
Source: olPUTAxpzu.exe |
Static PE information: section name: .boot |
Source: olPUTAxpzu.exe |
Static PE information: section name: .taggant |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: regmonclass |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: process monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: registry monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: procmon_window_class |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: filemonclass |
Source: C:\Users\user\Desktop\olPUTAxpzu.exe |
Open window title or class name: file monitor - sysinternals: www.sysinternals.com |