Source: loader.exe |
Virustotal: Detection: 22% |
Source: loader.exe |
Metadefender: Detection: 17% |
Source: loader.exe |
ReversingLabs: Detection: 46% |
Source: global traffic |
TCP traffic: 192.168.2.3:49735 -> 51.79.119.230:13371 |
Source: global traffic |
TCP traffic: 192.168.2.3:49734 -> 51.79.119.231:13371 |
Source: global traffic |
TCP traffic: 192.168.2.3:49744 -> 51.79.119.229:13371 |
Source: global traffic |
TCP traffic: 192.168.2.3:49747 -> 51.79.119.228:13371 |
Source: global traffic |
TCP traffic: 192.168.2.3:49748 -> 51.79.119.221:13371 |
Source: Joe Sandbox View |
IP Address: 51.79.119.229 |
Source: Joe Sandbox View |
IP Address: 51.79.119.228 |
Source: Joe Sandbox View |
IP Address: 51.79.119.221 |
Source: Joe Sandbox View |
IP Address: 51.79.119.230 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.79.119.230 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.79.119.231 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.79.119.229 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.79.119.228 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.79.119.221 |
Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: loader.exe, 00000000.00000003.259055056.00000000057FA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?78d9fd3997324 |
Source: loader.exe, 00000000.00000003.282588903.0000000000601000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enEM32 |
Source: loader.exe |
Static PE information: section name: 4uN% |
Source: loader.exe |
Static PE information: section name: A]zn |
Source: loader.exe |
Static PE information: section name: +/*9 |
Source: loader.exe |
Static PE information: section name: 'x00 |
Source: loader.exe |
Static PE information: section name: 'IAL |
Source: loader.exe |
Static PE information: section name: w^]> |
Source: loader.exe |
Static PE information: section name: h`J? |
Source: C:\Users\user\Desktop\loader.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\loader.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto |
Source: classification engine |
Classification label: mal76.evad.winEXE@1/4@0/6 |
Source: loader.exe |
Static file information: File size 9042944 > 1048576 |
Source: loader.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: loader.exe |
Static PE information: Raw size of w^]> is bigger than: 0x100000 < 0x89f400 |
Source: initial sample |
Static PE information: section where entry point is pointing to: w^]> |
Source: C:\Users\user\Desktop\loader.exe |
Memory written: PID: 5972 base: 7FFC867E0008 value: E9 7B A9 EA FF |
Source: C:\Users\user\Desktop\loader.exe |
Memory written: PID: 5972 base: 7FFC8668A980 value: E9 90 56 15 00 |
Source: C:\Users\user\Desktop\loader.exe |
Memory written: PID: 5972 base: 7FFC867F000D value: E9 6B 9B EC FF |
Source: C:\Users\user\Desktop\loader.exe |
Memory written: PID: 5972 base: 7FFC866B9B70 value: E9 AA 64 13 00 |
Source: C:\Users\user\Desktop\loader.exe |
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
Source: C:\Users\user\Desktop\loader.exe |
Special instruction interceptor: First address: 0000000140FA9A84 instructions rdtsc caused by: RDTSC with Trap Flag (TF) |
Source: C:\Users\user\Desktop\loader.exe |
Special instruction interceptor: First address: 0000000140FA9A9C instructions rdtsc caused by: RDTSC with Trap Flag (TF) |
Source: C:\Users\user\Desktop\loader.exe |
RDTSC instruction interceptor: First address: 0000000140FF5B60 second address: 00000001410056D0 instructions: 0x00000000 rdtsc 0x00000002 xor dl, FFFFFF8Bh 0x00000005 dec eax 0x00000006 add edx, edx 0x00000008 inc eax 0x00000009 xor dh, bh 0x0000000b bswap ax 0x0000000e bsf dx, dx 0x00000012 mov edx, dword ptr [esp+edi] 0x00000015 dec ecx 0x00000016 sub eax, 00000004h 0x0000001c inc ecx 0x0000001d mov dword ptr [eax], edx 0x0000001f lahf 0x00000020 shrd ax, cx, 00000034h 0x00000025 dec eax 0x00000026 sub ebp, 00000004h 0x0000002c mov eax, dword ptr [ebp+00h] 0x00000030 xor eax, esi 0x00000032 rol eax, 02h 0x00000035 cmc 0x00000036 inc ecx 0x00000037 cmp eax, ebp 0x00000039 clc 0x0000003a sub eax, 0E9B52EAh 0x0000003f neg eax 0x00000041 inc ecx 0x00000042 test cl, 0000003Ch 0x00000045 sub eax, 14C9657Ch 0x0000004a push esi 0x0000004b xor dword ptr [esp], eax 0x0000004e dec eax 0x0000004f arpl dx, si 0x00000051 neg si 0x00000054 pop esi 0x00000055 inc eax 0x00000056 test dh, FFFFFF8Fh 0x00000059 dec eax 0x0000005a arpl ax, ax 0x0000005c jmp 00007FB2D0CC171Fh 0x00000061 dec esp 0x00000062 add edx, eax 0x00000064 jmp 00007FB2D0CD78C9h 0x00000069 jmp 00007FB2D0C95CB9h 0x0000006e dec esp 0x0000006f lea ebx, dword ptr [esp+00000140h] 0x00000076 dec ebp 0x00000077 cmp eax, ebx 0x00000079 jmp 00007FB2D0CF947Ah 0x0000007e ja 00007FB2D0CBFCC6h 0x00000084 inc ecx 0x00000085 push edx 0x00000086 ret 0x00000087 dec eax 0x00000088 sub ebp, 00000001h 0x0000008e sal ah, 00000076h 0x00000091 rdtsc |
Source: C:\Users\user\Desktop\loader.exe |
RDTSC instruction interceptor: First address: 00000001407FEBE4 second address: 000000014074229E instructions: 0x00000000 rdtsc 0x00000002 xor dl, FFFFFF8Bh 0x00000005 dec eax 0x00000006 add edx, edx 0x00000008 inc eax 0x00000009 xor dh, bh 0x0000000b bswap ax 0x0000000e bsf dx, dx 0x00000012 mov edx, dword ptr [esp+edi] 0x00000015 dec ecx 0x00000016 sub eax, 00000004h 0x0000001c inc ecx 0x0000001d mov dword ptr [eax], edx 0x0000001f lahf 0x00000020 shrd ax, cx, 00000034h 0x00000025 dec eax 0x00000026 sub ebp, 00000004h 0x0000002c mov eax, dword ptr [ebp+00h] 0x00000030 xor eax, esi 0x00000032 rol eax, 02h 0x00000035 cmc 0x00000036 inc ecx 0x00000037 cmp eax, ebp 0x00000039 clc 0x0000003a sub eax, 0E9B52EAh 0x0000003f neg eax 0x00000041 inc ecx 0x00000042 test cl, 0000003Ch 0x00000045 sub eax, 14C9657Ch 0x0000004a push esi 0x0000004b xor dword ptr [esp], eax 0x0000004e dec eax 0x0000004f arpl dx, si 0x00000051 neg si 0x00000054 pop esi 0x00000055 inc eax 0x00000056 test dh, FFFFFF8Fh 0x00000059 dec eax 0x0000005a arpl ax, ax 0x0000005c jmp 00007FB2D06E9542h 0x00000061 dec esp 0x00000062 add edx, eax 0x00000064 jmp 00007FB2D07848DCh 0x00000069 jmp 00007FB2D06C4ED6h 0x0000006e dec esp 0x0000006f lea ebx, dword ptr [esp+00000140h] 0x00000076 dec ebp 0x00000077 cmp eax, ebx 0x00000079 jmp 00007FB2D0756AADh 0x0000007e ja 00007FB2D067A9FFh 0x00000084 inc ecx 0x00000085 push edx 0x00000086 ret 0x00000087 dec eax 0x00000088 sub ebp, 00000001h 0x0000008e sal ah, 00000076h 0x00000091 rdtsc |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IMPORTREC.EXES |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OLLYDBG.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: REGMON.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDBG.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IMPORTREC.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: PETOOLS.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OLLYDBG.EXETION |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IDAQ.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SYSANALYZER.EXE |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DUMPCAP.EXE |
Source: C:\Users\user\Desktop\loader.exe |
Window / User API: threadDelayed 3247 |
Source: C:\Users\user\Desktop\loader.exe |
Window / User API: threadDelayed 2487 |
Source: C:\Users\user\Desktop\loader.exe |
File opened / queried: C:\Windows\System32\drivers\vmmemctl.sys |
Source: C:\Users\user\Desktop\loader.exe |
File opened / queried: C:\Windows\System32\drivers\vmhgfs.sys |
Source: C:\Users\user\Desktop\loader.exe |
File opened / queried: C:\Windows\System32\drivers\vmmouse.sys |
Source: loader.exe, 00000000.00000003.282692502.0000000000632000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\C:\Windows\System32\drivers\vmmemctl.sys |
Source: C:\Users\user\Desktop\loader.exe |
Handle closed: DEADC0DE |
Source: C:\Users\user\Desktop\loader.exe |
Process queried: DebugPort |
Source: C:\Users\user\Desktop\loader.exe |
Process queried: DebugObjectHandle |
Source: C:\Users\user\Desktop\loader.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tcpview.exe |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: lordpe.exe |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ollydbg.exe |
Source: loader.exe, 00000000.00000003.272407449.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.292218034.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.263600234.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.300046554.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.271260895.0000000005372000.00000004.00000020.00020000.00000000.sdmp, loader.exe, 00000000.00000003.295344503.0000000005372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: regmon.exe |