Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbl> source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.pdbxX source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Configuration.ni.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\i6R4NsEd8t.PDB source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Xml.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbs source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Core.ni.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Windows.Forms.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb35 source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068A2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb0_ source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Web.Extensions.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: mscorlib.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: oVisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbl source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbM0C source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbb2 source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Core.pdb| source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: C:\Users\user\Desktop\i6R4NsEd8t.PDB source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: nLC:\Windows\Microsoft.VisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdblZ source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.ni.pdb source: WERF878.tmp.dmp.9.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003319000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/h |
Source: svchost.exe, 00000001.00000002.3256219765.000001F9A9E00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
Source: qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: svchost.exe, 00000001.00000002.3255603833.000001F9A5102000.00000004.00000020.00020000.00000000.sdmp, qmgr.db.1.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: qmgr.db.1.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003346000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://freegeoip.app |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ipbase.com |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.9.dr | String found in binary or memory: http://upx.sf.net |
Source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068A2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.K |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.000000000335C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app/xml/ |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app/xml/154.16.49.82 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://freegeoip.app/xml/LoadCountryNameClipboard |
Source: edb.log.1.dr, qmgr.db.1.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
Source: svchost.exe, 00000001.00000003.2004807687.000001F9A9CA0000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ipbase.com |
Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003360000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ipbase.com/xml/154.16.49.82 |
Source: qmgr.db.1.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C: |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008 |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008 |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008 |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.9.dr | Binary or memory string: VMware |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.9.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.9.dr | Binary or memory string: VMware, Inc. |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Amcache.hve.9.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.9.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.9.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.9.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: svchost.exe, 00000001.00000002.3256313169.000001F9A9E43000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.3256396264.000001F9A9E56000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.9.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Amcache.hve.9.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II |
Source: Amcache.hve.9.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: Amcache.hve.9.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.9.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.9.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True |
Source: Amcache.hve.9.dr | Binary or memory string: vmci.syshbin` |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: Amcache.hve.9.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: svchost.exe, 00000001.00000002.3255163176.000001F9A4829000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWP |
Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Amcache.hve.9.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.9.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.9.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.9.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.9.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.9.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.9.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.9.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.9.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Users\user\Desktop\i6R4NsEd8t.exe VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\i6R4NsEd8t.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |