Source: 98765434567890.exe, 0000000E.00000002.5798409385.00000000018C7000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5796006070.000000000187A000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5798690471.00000000018CF000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000003.1619247609.00000000018D8000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5799359649.00000000018EB000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5799433414.00000000018ED000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5797556527.00000000018AB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://bulungan.go.id/jnSMxRfpiTGW30.mdp |
Source: 98765434567890.exe, 0000000E.00000001.1133762095.0000000000649000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. |
Source: 98765434567890.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: 98765434567890.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: 98765434567890.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: 98765434567890.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: 98765434567890.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: 98765434567890.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: 98765434567890.exe, 0000000E.00000001.1133762095.0000000000649000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://www.gopher.ftp://ftp. |
Source: 98765434567890.exe, 0000000E.00000001.1133580816.0000000000626000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD |
Source: 98765434567890.exe, 0000000E.00000001.1133308325.00000000005F2000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd |
Source: 98765434567890.exe, 0000000E.00000001.1133308325.00000000005F2000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd |
Source: 98765434567890.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: 98765434567890.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: 98765434567890.exe |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: 98765434567890.exe, 0000000E.00000001.1133762095.0000000000649000.00000008.00000001.01000000.00000006.sdmp |
String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_004054B0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
2_2_004054B0 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
2_2_0040344A |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_10002DE0 push eax; ret |
2_2_10002E0E |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_03496F4A push eax; ret |
2_2_03496F49 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_03494B93 push ebp; ret |
2_2_03494B96 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034A2FAB push esp; iretd |
2_2_034A2FD3 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_03496E6E push eax; ret |
2_2_03496F49 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034962A2 pushfd ; ret |
2_2_034962A3 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349D161 push ebp; iretd |
2_2_0349D162 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_03496076 push ebp; iretd |
2_2_03496078 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034974FE push ebp; retf |
2_2_034974FF |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 14_2_01660B7B push ebp; ret |
14_2_01660C45 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 14_2_01663744 push esp; retf |
14_2_0166374E |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 14_2_01663246 push esp; retf |
14_2_01663252 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 14_2_0166144D push esp; retf |
14_2_0166144E |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicshutdown |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: 98765434567890.exe, 0000000E.00000002.5798690471.00000000018CF000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000003.1619247609.00000000018D8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWp |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicvss |
Source: 98765434567890.exe, 0000000E.00000002.5796006070.000000000187A000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5798690471.00000000018CF000.00000004.00000020.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000003.1619247609.00000000018D8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: 98765434567890.exe, 00000002.00000002.1792129439.0000000010059000.00000004.00000800.00020000.00000000.sdmp, 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: 98765434567890.exe, 0000000E.00000002.5800306502.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicheartbeat |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DF36 mov ebx, dword ptr fs:[00000030h] |
2_2_0349DF36 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DBFA mov eax, dword ptr fs:[00000030h] |
2_2_0349DBFA |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034A1788 mov eax, dword ptr fs:[00000030h] |
2_2_034A1788 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DE78 mov ebx, dword ptr fs:[00000030h] |
2_2_0349DE78 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DE78 mov eax, dword ptr fs:[00000030h] |
2_2_0349DE78 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DE18 mov eax, dword ptr fs:[00000030h] |
2_2_0349DE18 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034B06CA mov eax, dword ptr fs:[00000030h] |
2_2_034B06CA |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DEC4 mov ebx, dword ptr fs:[00000030h] |
2_2_0349DEC4 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349C686 mov eax, dword ptr fs:[00000030h] |
2_2_0349C686 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_034B2929 mov eax, dword ptr fs:[00000030h] |
2_2_034B2929 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_03498D96 mov eax, dword ptr fs:[00000030h] |
2_2_03498D96 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DC48 mov eax, dword ptr fs:[00000030h] |
2_2_0349DC48 |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349D4EF mov eax, dword ptr fs:[00000030h] |
2_2_0349D4EF |
Source: C:\Users\user\Desktop\98765434567890.exe |
Code function: 2_2_0349DCA9 mov eax, dword ptr fs:[00000030h] |
2_2_0349DCA9 |