Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DPVGsz.com |
Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0 |
Source: cvtres.exe, 00000001.00000002.512904675.0000000006C3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.ocpi.com.my |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: http://www.mozilla.com/0 |
Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org% |
Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%%startupfolder% |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | String found in binary or memory: https://www.thawte.com/cps0 |
Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000000.245549949.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000000.244725171.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000000.245291051.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000002.509237498.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000001.00000000.244974805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000000.00000002.248323120.0000000004AAA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe PID: 6008, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: cvtres.exe PID: 6052, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 1.0.cvtres.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 1.0.cvtres.exe.400000.3.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 1.2.cvtres.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 1.0.cvtres.exe.400000.4.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 1.0.cvtres.exe.400000.2.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 1.0.cvtres.exe.400000.1.unpack, u003cPrivateImplementationDetailsu003eu007b849CCF59u002d1BE4u002d4855u002dBBC1u002d20E03C66EAF1u007d/u00391D53450u002d0C90u002d4FFBu002dABF1u002d6E4C372E332A.cs | Large array initialization: .cctor: array initializer size 11620 |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000000.245549949.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000000.244725171.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000000.245291051.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000002.509237498.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000001.00000000.244974805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000000.00000002.248323120.0000000004AAA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe PID: 6008, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: cvtres.exe PID: 6052, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 1.0.cvtres.exe.400000.0.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 1.0.cvtres.exe.400000.3.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 1.2.cvtres.exe.400000.0.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Process information set: NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe, 00000000.00000002.248323120.0000000004AAA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe, 00000000.00000002.247647159.00000000048D5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %GiEQgaEQeMUQ |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe, 00000000.00000002.248323120.0000000004AAA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %kWjFEAAAGiEQgaEQeMUQAAAaIRC |
Source: cvtres.exe, 00000001.00000003.271596448.0000000009DB3000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.514945881.0000000009DA0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe, u200f????????????????????????????????????????.cs | Reference to suspicious API methods: ('?????????????????????????????????????????', 'GetProcAddress@kernel32'), ('?????????????????????????????????????????', 'LoadLibraryA@kernel32') |
Source: 0.0.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.b40000.0.unpack, u200f????????????????????????????????????????.cs | Reference to suspicious API methods: ('?????????????????????????????????????????', 'GetProcAddress@kernel32'), ('?????????????????????????????????????????', 'LoadLibraryA@kernel32') |
Source: 1.0.cvtres.exe.400000.0.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.0.cvtres.exe.400000.3.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.2.cvtres.exe.400000.0.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.0.cvtres.exe.400000.4.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.0.cvtres.exe.400000.2.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.0.cvtres.exe.400000.1.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe.4f8d790.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000001.00000000.245549949.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.244725171.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.245291051.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.509237498.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000000.244974805.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.248323120.0000000004AAA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe PID: 6008, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: cvtres.exe PID: 6052, type: MEMORYSTR |
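The rows above are easier to act on once they are pulled into one structure: which hosts the sample carries, which Win32 APIs it resolves or imports, and which memory regions the Yara hits landed in. The script below is an added example and is not part of the sandbox report or its tooling. It assumes the row layout visible on this page ("Source: <source> | <category>: <value> | [Jump to behavior |]") and reads the fifth field of a memory-dump name (e.g. the "00000040" in "...0000000000402000.00000040....sdmp") as the region's Windows page protection; that field interpretation is an assumption about the sandbox's naming scheme, while the PAGE_* values themselves are the winnt.h constants. The sample rows are copied from the report, with the obfuscated .NET class names in the API rows shortened.

```python
"""Turn flattened sandbox report rows into a structured indicator summary (added example)."""
import re
from collections import defaultdict

# Constructed sample input: rows copied from the report above (class names shortened).
SAMPLE_ROWS = [
    r"Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org% |",
    r"Source: cvtres.exe, 00000001.00000002.511164792.0000000006921000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |",
    r"Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |",
    r"Source: 1.2.cvtres.exe.400000.0.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |",
    r"Source: SecuriteInfo.com.Suspicious.Win32.Save.a.5066.exe, X.cs | Reference to suspicious API methods: ('X', 'GetProcAddress@kernel32'), ('X', 'LoadLibraryA@kernel32') |",
    r"Source: Yara match | File source: 00000001.00000002.509237498.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |",
    r"Source: Yara match | File source: Process Memory Space: cvtres.exe PID: 6052, type: MEMORYSTR |",
]

# Dump-name layout as it appears on the page: proc.stage.seq.base.<4 hex fields>.sdmp
DUMP_RE = re.compile(
    r"(?P<proc>\d{8})\.(?P<stage>\d{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
    r"[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.sdmp"
)
# winnt.h PAGE_* constants. Treating the fifth field as page protection is an assumption.
PAGE_PROTECT = {
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
}
API_RE = re.compile(r"\('([^']*)',\s*'([^'@]+)@([^']+)'\)")   # ('class', 'Func@module')
HOST_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")           # scheme + host only


def parse_row(row):
    """Split one row into (source, category, value); None for rows that don't fit the layout."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) < 2 or not cells[0].startswith("Source: "):
        return None
    source = cells[0][len("Source: "):]
    category, sep, value = cells[1].partition(": ")   # first ": " separates category from value
    return (source, category, value) if sep else None


def decode_dump(name):
    """Decode a memory-dump file name into process index, stage, base address and protection."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    protect = int(m["protect"], 16)
    return {
        "process": int(m["proc"]),
        "stage": int(m["stage"]),
        "base": int(m["base"], 16),
        "protect": PAGE_PROTECT.get(protect, hex(protect)),
    }


def parse_report(rows):
    """Aggregate rows into hosts, API references, per-process behaviours, RWX regions and PIDs."""
    summary = {
        "hosts": set(),                 # hosts from "String found in binary or memory" rows
        "apis": set(),                  # (function, module) from suspicious-API rows
        "behaviors": defaultdict(set),  # process path -> behaviours observed
        "rwx_regions": [],              # decoded dumps with write+execute protection
        "yara_pids": set(),             # live processes whose memory matched Yara
    }
    for row in rows:
        parsed = parse_row(row)
        if parsed is None:
            continue
        source, category, value = parsed
        if category == "String found in binary or memory":
            # Caveat: adjacent user strings run together in memory, so hosts like
            # "DynDns.comDynDNSname..." need manual review before becoming IOCs.
            summary["hosts"].update(HOST_RE.findall(value))
        elif category == "Reference to suspicious API methods":
            summary["apis"].update((fn, mod) for _cls, fn, mod in API_RE.findall(value))
        elif category == "Process information set":
            summary["behaviors"][source].add(value)
        elif source == "Yara match":
            dump = decode_dump(value)
            if dump and dump["protect"] == "PAGE_EXECUTE_READWRITE":
                summary["rwx_regions"].append(dump)
            pid = re.search(r"PID: (\d+)", value)
            if pid:
                summary["yara_pids"].add(int(pid.group(1)))
    return summary


if __name__ == "__main__":
    for key, val in parse_report(SAMPLE_ROWS).items():
        print(f"{key}: {val}")
```

Run against the rows on this page, the two findings worth reading together are the Yara hit in a PAGE_EXECUTE_READWRITE region at 0x402000 of process 1 (the cvtres.exe instance, a legitimate .NET Framework resource-converter binary) already present in the stage-0 dumps, and the MapVirtualKey, GetProcAddress and LoadLibraryA references in the unpacked code. Taken together they are consistent with a hollowed host process carrying an injected .NET payload with keyboard-capture and dynamic API resolution, which is the lead an analyst should chase before the individual URL strings. The "Hyper-V RAW%SystemRoot%\system32\mswsock.dll" string, by contrast, is a Winsock provider name that any socket-using process can pull into memory and is not an indicator on its own.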