Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: boredimperissvieos.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: holicisticscrarws.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: sweetsquarediaslw.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: plaintediousidowsko.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: miniaturefinerninewjs.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: zippyfinickysofwps.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: obsceneclassyjuwks.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: acceptabledcooeprs.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: stiffraspyofkwsl.shop |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000003.1442680982.00000000036D0000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: P6Mk0M--superstar |
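The decrypted strings listed above are the parts of the sample's configuration an analyst cares about: nine `.shop` hostnames, a printf-style request body template (`lid=%s&j=%s&ver=4.0`) and a fixed User-Agent (`TeslaBrowser/5.5`). The script below is an added example for this report, not sandbox output or code from the sample: it classifies the decrypted strings (copied verbatim from the report) and runs them as detection logic over a proxy log. The tab-separated proxy log format and the sample log lines are constructed here and are assumptions, not data from the analysis.

```python
"""Turn the 'String decryptor' output above into detection logic.

Added example for this report; it is not sandbox output or code from the
sample. The indicator strings are copied verbatim from the report. The proxy
log format (tab-separated: time, client IP, method, host, path, status,
User-Agent, request body) and the sample log lines are constructed here and
are assumptions, not data from the analysis.
"""
import re
from dataclasses import dataclass

# Copied verbatim from the 'String decryptor' entries in the report above.
DECRYPTED_STRINGS = [
    "boredimperissvieos.shop",
    "holicisticscrarws.shop",
    "sweetsquarediaslw.shop",
    "plaintediousidowsko.shop",
    "miniaturefinerninewjs.shop",
    "zippyfinickysofwps.shop",
    "obsceneclassyjuwks.shop",
    "acceptabledcooeprs.shop",
    "stiffraspyofkwsl.shop",
    "lid=%s&j=%s&ver=4.0",
    "TeslaBrowser/5.5",
    "- Screen Resoluton:",
    "- Physical Installed Memory:",
    "Workgroup: -",
    "P6Mk0M--superstar",
]

DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
USER_AGENT_RE = re.compile(r"^[A-Za-z]+/\d+(\.\d+)*$")


def classify(strings):
    """Split decrypted strings into C2 hostnames, the printf-style beacon body
    template and the User-Agent string; everything else is kept as 'other'."""
    out = {"domains": set(), "body_template": None, "user_agent": None, "other": []}
    for s in strings:
        if DOMAIN_RE.match(s):
            out["domains"].add(s)
        elif "%s" in s and "=" in s and "&" in s:
            out["body_template"] = s
        elif USER_AGENT_RE.match(s):
            out["user_agent"] = s
        else:
            out["other"].append(s)
    return out


def template_to_regex(template):
    """'lid=%s&j=%s&ver=4.0' -> regex matching a filled-in body, where each %s
    becomes one run of non-'&' characters and the literal parts are escaped."""
    parts = [re.escape(p) for p in template.split("%s")]
    return re.compile("^" + "[^&]+".join(parts) + "$")


@dataclass(frozen=True)
class Hit:
    client_ip: str
    host: str
    reasons: tuple


# Constructed sample proxy log (assumed format), not from the analysis run.
SAMPLE_PROXY_LOG = [
    "2024-06-01T12:00:01Z\t10.0.0.5\tPOST\tstiffraspyofkwsl.shop\t/api\t200\tTeslaBrowser/5.5\tlid=AbC123&j=Def456&ver=4.0",
    "2024-06-01T12:00:02Z\t10.0.0.5\tGET\twww.example.com\t/\t200\tMozilla/5.0\t-",
    "2024-06-01T12:00:03Z\t10.0.0.7\tPOST\tupdates.example.net\t/api\t200\tTeslaBrowser/5.5\tact=life",
    "2024-06-01T12:00:04Z\t10.0.0.9\tPOST\tcdn.example.org\t/submit\t200\tMozilla/5.0\tlid=x&j=y&ver=4.0",
]


def scan_proxy_log(lines, indicators):
    """Flag a line when the host is a decrypted C2 domain, or when the
    User-Agent and a POST body both match the decrypted beacon strings.
    The two weaker indicators are required together: a generic-looking
    User-Agent or a 'ver=4.0' body on its own is not worth an alert."""
    body_re = template_to_regex(indicators["body_template"])
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 8:
            continue  # malformed line: skip it rather than crash the scan
        _ts, ip, method, host, _path, _status, ua, body = fields
        reasons = []
        if host.lower() in indicators["domains"]:
            reasons.append("c2_domain")
        if ua == indicators["user_agent"] and method == "POST" and body_re.match(body):
            reasons.append("beacon_ua_and_body")
        if reasons:
            hits.append(Hit(ip, host, tuple(reasons)))
    return hits


if __name__ == "__main__":
    ind = classify(DECRYPTED_STRINGS)
    print("C2 domains:", sorted(ind["domains"]))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, ind):
        print(hit)
```

Only the first constructed line fires, on both the domain and the User-Agent plus body combination; a matching User-Agent alone (third line) or a matching body alone (fourth line) does not. Further down, the "String found in binary or memory" entries show URLs built only from `stiffraspyofkwsl.shop` (`/api` and fragments), so that is the host this run actually used; the other eight are in the decrypted configuration and should be blocked as well.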
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], CCC8066Ah |
0_2_0043C461 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_0043E8D0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_00427059 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
0_2_00413038 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_0043E09F |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_004350A0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then lea eax, dword ptr [edi+04h] |
0_2_0042213D |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
0_2_0042213D |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx ecx, word ptr [esi] |
0_2_0043D265 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp eax |
0_2_0041D35E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_0041D35E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then inc ebx |
0_2_00415470 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
0_2_00424478 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
0_2_00424478 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+20h] |
0_2_00428410 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov dword ptr [esi+20h], 00000000h |
0_2_00411419 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_0043C436 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_0043D4E8 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_0043D48A |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+20h] |
0_2_00416555 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], CCC8066Ah |
0_2_0043C571 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+0Ch] |
0_2_0043C571 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movsx eax, byte ptr [esi+ecx] |
0_2_0040D650 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
0_2_00402650 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 5C3924FCh |
0_2_0043C615 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov edi, dword ptr [esi+04h] |
0_2_004226BD |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov edi, dword ptr [esi+04h] |
0_2_00422760 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_004097F0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_004258B0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_00426948 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov dword ptr [esi+7Ch], ecx |
0_2_00426953 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_0043A930 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+20h] |
0_2_004279F5 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [00447EE8h] |
0_2_00424982 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx edi, cx |
0_2_00428A13 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+ecx*8], FB49C974h |
0_2_00439A20 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_0043EAF0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00417ABA |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_0041DB00 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 9EDBE8FEh |
0_2_0041DB00 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000090h] |
0_2_00414D32 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov edx, eax |
0_2_0041DDC7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov esi, dword ptr [esp+0Ch] |
0_2_0040FE47 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
0_2_00411E13 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_0043DE9C |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_0043DEB1 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov edx, eax |
0_2_0041DF3A |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx esi, ch |
0_2_0043DFE0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_01BFE118 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_01BFE103 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov esi, dword ptr [esp+0Ch] |
0_2_01BD00AE |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov edx, eax |
0_2_01BDE02E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
0_2_01BD207A |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_01BF5307 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_01BFE306 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
0_2_01BD329F |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_01BE72C0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx esi, ch |
0_2_01BFE247 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
0_2_01BE25E5 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then lea eax, dword ptr [edi+04h] |
0_2_01BE2488 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx ecx, word ptr [esi] |
0_2_01BFD4CC |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+20h] |
0_2_01BD67BC |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_01BFD74F |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_01BFC69D |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov dword ptr [esi+20h], 00000000h |
0_2_01BD1680 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp eax |
0_2_01BDD6F9 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_01BFD6F1 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
0_2_01BE46DF |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
0_2_01BE46DF |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then inc ebx |
0_2_01BD56D7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], CCC8066Ah |
0_2_01BFC6C8 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+20h] |
0_2_01BE8677 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movsx eax, byte ptr [esi+ecx] |
0_2_01BCD8B7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
0_2_01BC28B7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esi+48h] |
0_2_01BE088D |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov dword ptr [esi+7Ch], ecx |
0_2_01BE6BBA |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_01BE6BAF |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_01BE5B17 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_01BFAB97 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [00447EE8h] |
0_2_01BE4BE9 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_01BFEB37 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_01BE5B17 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_01BC9A57 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_01BD7D21 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_01BFED57 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then cmp dword ptr [ebx+ecx*8], FB49C974h |
0_2_01BF9C87 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then movzx edi, cx |
0_2_01BE8C7A |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+20h] |
0_2_01BE7C5C |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp edx |
0_2_01BDDC57 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000090h] |
0_2_01BD4F99 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 4x nop then jmp ecx |
0_2_01BDDE8D |
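Every entry in the block above records a function in which four consecutive single-byte `nop` instructions immediately precede the listed instruction. Compilers do emit `nop` padding, but between functions and up to an alignment boundary, not in the middle of a function body in front of a `jmp ecx` or a memory compare, which is why the sandbox lists these. The scanner below is an added example for this report, not sandbox code and not code from the sample: it finds such runs in a byte buffer and reports them in the report's own style. The byte buffer is constructed for the demonstration, and treating a run that ends on a 16-byte boundary as compiler alignment padding is a heuristic assumed here, not something the report states.

```python
"""Find runs of four or more single-byte x86 NOPs (0x90) that precede other
code, the pattern behind the '4x nop then ...' entries above.

Added example for this report; not sandbox code and not code from the sample.
The byte buffer is constructed for the demonstration. Treating a run that ends
on a 16-byte boundary as compiler alignment padding is a heuristic assumed
here, not something the report states.
"""
from dataclasses import dataclass

NOP = 0x90


@dataclass(frozen=True)
class NopRun:
    offset: int        # offset of the first NOP in the run
    length: int        # number of consecutive NOPs
    following: bytes   # up to `tail` bytes of the code after the run


def find_nop_runs(code, min_len=4, tail=6, skip_alignment_padding=True):
    """Return a NopRun for every run of at least min_len NOPs that is followed
    by a non-NOP byte. With skip_alignment_padding, a run whose end falls on
    a 16-byte boundary is dropped as probable inter-function padding, so that
    only runs embedded in the middle of code are reported."""
    runs = []
    i, n = 0, len(code)
    while i < n:
        if code[i] != NOP:
            i += 1
            continue
        start = i
        while i < n and code[i] == NOP:
            i += 1
        if i - start < min_len or i >= n:
            continue  # too short, or the run reaches the end of the buffer
        if skip_alignment_padding and i % 16 == 0:
            continue
        runs.append(NopRun(start, i - start, bytes(code[i:i + tail])))
    return runs


def describe(run):
    """Render a run in the report's style, with raw bytes in place of the
    disassembled instruction: '4x nop then 8b 44 24 04 c3 90 @ 0x00000003'."""
    return f"{run.length}x nop then {run.following.hex(' ')} @ 0x{run.offset:08x}"


# Constructed 32-byte code fragment (not from the sample) with three NOP runs:
# one mid-function, one that is plain alignment padding, one below threshold.
SAMPLE_CODE = bytes([
    0x55, 0x8B, 0xEC,                    # 0x00: push ebp; mov ebp, esp
    0x90, 0x90, 0x90, 0x90,              # 0x03: 4 NOPs inside the function
    0x8B, 0x44, 0x24, 0x04,              # 0x07: mov eax, dword ptr [esp+4]
    0xC3,                                # 0x0B: ret
    0x90, 0x90, 0x90, 0x90,              # 0x0C: 4 NOPs ending on a 16-byte boundary
    0xFF, 0xE1,                          # 0x10: jmp ecx
    0x90, 0x90,                          # 0x12: only 2 NOPs, below threshold
    0xC3,                                # 0x14: ret
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,  # 0x15: 8 NOPs mid-function
    0xFF, 0xE2,                          # 0x1D: jmp edx
    0xC3,                                # 0x1F: ret
])

if __name__ == "__main__":
    for run in find_nop_runs(SAMPLE_CODE):
        print(describe(run))
```

Run against the constructed buffer, the scanner reports the run at 0x03 (followed by `mov eax, [esp+4]`) and the eight-NOP run at 0x15 (followed by `jmp edx`), and drops the padding run that ends at 0x10; pass `skip_alignment_padding=False` to see all three. Note that the report lists the same instruction patterns at two address ranges (for example `cmp dword ptr [ebx+edi*8], CCC8066Ah` at 0_2_0043C461 and again at 0_2_01BFC6C8), so the scan should be run over the dumped memory regions as well as the file on disk.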
Source: Amcache.hve.4.dr |
String found in binary or memory: http://upx.sf.net |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001C75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/ |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/api |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/api6X |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001C75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/apieO |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/b |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/h |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/jOT |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stiffraspyofkwsl.shop/p |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00437090 |
0_2_00437090 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_004080A0 |
0_2_004080A0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00404160 |
0_2_00404160 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0042112E |
0_2_0042112E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0042213D |
0_2_0042213D |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0043F190 |
0_2_0043F190 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0041D35E |
0_2_0041D35E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00403360 |
0_2_00403360 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00410390 |
0_2_00410390 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00406480 |
0_2_00406480 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0043F500 |
0_2_0043F500 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00403750 |
0_2_00403750 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00405720 |
0_2_00405720 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_004017B0 |
0_2_004017B0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00422840 |
0_2_00422840 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0042C85E |
0_2_0042C85E |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_004218A0 |
0_2_004218A0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00406A50 |
0_2_00406A50 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00428AC0 |
0_2_00428AC0 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00425B50 |
0_2_00425B50 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00404B30 |
0_2_00404B30 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00402D10 |
0_2_00402D10 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_0043EE70 |
0_2_0043EE70 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_00439E10 |
0_2_00439E10 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BFF0D7 |
0_2_01BFF0D7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BFA077 |
0_2_01BFA077 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BFF3F7 |
0_2_01BFF3F7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC43C7 |
0_2_01BC43C7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC8307 |
0_2_01BC8307 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BF72F7 |
0_2_01BF72F7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BD05F7 |
0_2_01BD05F7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC35C7 |
0_2_01BC35C7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BFF767 |
0_2_01BFF767 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC66E7 |
0_2_01BC66E7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC39B7 |
0_2_01BC39B7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC5987 |
0_2_01BC5987 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BE1B07 |
0_2_01BE1B07 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BECAC5 |
0_2_01BECAC5 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BE5DB7 |
0_2_01BE5DB7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC4D97 |
0_2_01BC4D97 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BE8D27 |
0_2_01BE8D27 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Code function: 0_2_01BC6CB7 |
0_2_01BC6CB7 |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: msvcr100.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\lfY08S61Ig.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 occurrences) |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX (51 occurrences) |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001C75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWx |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: lfY08S61Ig.exe, 00000000.00000002.1565455317.0000000001CAB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |