Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://VMDVyE.com |
Source: cvtres.exe, 00000002.00000002.635170682.0000000007096000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.tycautomotriz.cl |
Source: cvtres.exe, 00000002.00000002.635170682.0000000007096000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tycautomotriz.cl |
Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org% |
Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%%startupfolder% |
Source: cvtres.exe, 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 2.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000002.00000000.373575216.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000002.00000000.372648537.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000002.00000000.373105695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000002.00000002.632455150.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000002.00000000.374189805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000002.378242847.00000000048E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: FqjWpTMVBm.exe PID: 5068, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: cvtres.exe PID: 2980, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 2.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 2.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 2.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 2.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 2.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 2.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000002.00000000.373575216.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000002.00000000.372648537.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000002.00000000.373105695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000002.00000002.632455150.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000002.00000000.374189805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000002.378242847.00000000048E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: FqjWpTMVBm.exe PID: 5068, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: cvtres.exe PID: 2980, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01093128 | 1_2_01093128 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01091D70 | 1_2_01091D70 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010918D8 | 1_2_010918D8 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01097F70 | 1_2_01097F70 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01090F98 | 1_2_01090F98 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01092278 | 1_2_01092278 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010992E8 | 1_2_010992E8 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010951B0 | 1_2_010951B0 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010951C0 | 1_2_010951C0 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01094009 | 1_2_01094009 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01094018 | 1_2_01094018 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01090427 | 1_2_01090427 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01090448 | 1_2_01090448 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01093048 | 1_2_01093048 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01093041 | 1_2_01093041 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01097C70 | 1_2_01097C70 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01097CB8 | 1_2_01097CB8 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01099716 | 1_2_01099716 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_0109972F | 1_2_0109972F |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01090F4C | 1_2_01090F4C |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01099752 | 1_2_01099752 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_0109976B | 1_2_0109976B |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01097F60 | 1_2_01097F60 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01099784 | 1_2_01099784 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_01095BF9 | 1_2_01095BF9 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010992D8 | 1_2_010992D8 |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Code function: 1_2_010996DF | 1_2_010996DF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_06F4F3C8 | 2_2_06F4F3C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_06F4F080 | 2_2_06F4F080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6E51C8 | 2_2_0A6E51C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6EC9D0 | 2_2_0A6EC9D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6E9700 | 2_2_0A6E9700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6EF7D8 | 2_2_0A6EF7D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6EB590 | 2_2_0A6EB590 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 2_2_0A6E32A8 | 2_2_0A6E32A8 |
Source: FqjWpTMVBm.exe, 00000001.00000002.377328903.0000000002EFE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDTsBTsBtRBqOtEoXvXxcmxLWqLx.exe4 vs FqjWpTMVBm.exe |
Source: FqjWpTMVBm.exe, 00000001.00000000.366808060.0000000000A02000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenameZZSSACVSDFDHDJJHDG335.exeL vs FqjWpTMVBm.exe |
Source: FqjWpTMVBm.exe, 00000001.00000002.376697949.0000000002E89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameResourceAssembly.dllD vs FqjWpTMVBm.exe |
Source: FqjWpTMVBm.exe, 00000001.00000002.378242847.00000000048E2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDTsBTsBtRBqOtEoXvXxcmxLWqLx.exe4 vs FqjWpTMVBm.exe |
Source: FqjWpTMVBm.exe, 00000001.00000002.377522791.0000000004685000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameResourceAssembly.dllD vs FqjWpTMVBm.exe |
Source: FqjWpTMVBm.exe | Binary or memory string: OriginalFilenameZZSSACVSDFDHDJJHDG335.exeL vs FqjWpTMVBm.exe |
Source: 2.2.cvtres.exe.400000.0.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 2.0.cvtres.exe.400000.2.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 2.0.cvtres.exe.400000.4.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Process information set: NOOPENFILEERRORBOX |
Source: FqjWpTMVBm.exe, MJCKVKLUIOR/MJCKVKLUIOR.cs | Reference to suspicious API methods: ('\\x13', 'GetProcAddress@kernel32'), ('\\x10', 'LoadLibraryA@kernel32') |
Source: 1.0.FqjWpTMVBm.exe.a00000.0.unpack, MJCKVKLUIOR/MJCKVKLUIOR.cs | Reference to suspicious API methods: ('\\x13', 'GetProcAddress@kernel32'), ('\\x10', 'LoadLibraryA@kernel32') |
Source: 2.2.cvtres.exe.400000.0.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 2.0.cvtres.exe.400000.2.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 2.0.cvtres.exe.400000.4.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: C:\Users\user\Desktop\FqjWpTMVBm.exe | Queries volume information: C:\Users\user\Desktop\FqjWpTMVBm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match | File source: 2.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.FqjWpTMVBm.exe.4dcb7a8.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000000.373575216.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.372648537.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.373105695.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.632455150.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.374189805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.378242847.00000000048E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.634341164.0000000006FB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.634629489.0000000006FFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: FqjWpTMVBm.exe PID: 5068, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: cvtres.exe PID: 2980, type: MEMORYSTR |