Windows Analysis Report
burlar al diablo napoleon hill pdf.exe

Overview

General Information

Sample name: burlar al diablo napoleon hill pdf.exe
Analysis ID: 1544849
MD5: 17435c90d059b7c3cf5e7ec1b234d81c
SHA1: 7295cd3ecfda797fbb1b422effc4284994705ff1
SHA256: 032f30a34973dea7a5d8681e946bc403d4bed8dbe6a28967213d0753b3e042b5

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Drops PE files with a suspicious file extension
Tries to resolve many domain names, but no domain seems valid
Contains functionality to read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Copy From or To System Directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Source: burlar al diablo napoleon hill pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:53541 version: TLS 1.2
Source: burlar al diablo napoleon hill pdf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004062D5 FindFirstFileW,FindClose, 0_2_004062D5
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00402E18 FindFirstFileW, 0_2_00402E18
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406C9B
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\690727 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\690727\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\ Jump to behavior

Networking

Source: Network traffic Suricata IDS: 2056835 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (activedomest .sbs) : 192.168.2.6:49521 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056844 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (definitib .sbs) : 192.168.2.6:60732 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056838 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arenbootk .sbs) : 192.168.2.6:51511 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056832 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offybirhtdi .sbs) : 192.168.2.6:49428 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056853 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ostracizez .sbs) : 192.168.2.6:63070 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056841 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mediavelk .sbs) : 192.168.2.6:49437 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056850 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikebripm .sbs) : 192.168.2.6:51090 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056847 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elaboretib .sbs) : 192.168.2.6:59416 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:53541 -> 104.102.49.254:443
Source: unknown DNS traffic detected: query: elaboretib.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: trappysno.cyou replaycode: Name error (3)
Source: unknown DNS traffic detected: query: definitib.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: offybirhtdi.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ostracizez.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mediavelk.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: arenbootk.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aWBQBumKUJoWuGshZMLv.aWBQBumKUJoWuGshZMLv replaycode: Name error (3)
Source: unknown DNS traffic detected: query: strikebripm.sbs replaycode: Name error (3)
Source: unknown DNS traffic detected: query: activedomest.sbs replaycode: Name error (3)
Source: Joe Sandbox View IP Address: 104.102.49.254
Source: Joe Sandbox View ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: aWBQBumKUJoWuGshZMLv.aWBQBumKUJoWuGshZMLv
Source: global traffic DNS traffic detected: DNS query: trappysno.cyou
Source: global traffic DNS traffic detected: DNS query: ostracizez.sbs
Source: global traffic DNS traffic detected: DNS query: strikebripm.sbs
Source: global traffic DNS traffic detected: DNS query: elaboretib.sbs
Source: global traffic DNS traffic detected: DNS query: definitib.sbs
Source: global traffic DNS traffic detected: DNS query: mediavelk.sbs
Source: global traffic DNS traffic detected: DNS query: arenbootk.sbs
Source: global traffic DNS traffic detected: DNS query: activedomest.sbs
Source: global traffic DNS traffic detected: DNS query: offybirhtdi.sbs
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002893000.00000004.00000020.00020000.00000000.sdmp, Sized.0.dr, Sodium.pif.2.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002893000.00000004.00000020.00020000.00000000.sdmp, Sodium.pif, 0000000B.00000000.2299939833.0000000000D89000.00000002.00000001.01000000.00000006.sdmp, Sized.0.dr, Sodium.pif.2.dr String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: http://www.microsoft.R
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: http://www.ws-i.org/Profiles/BasicProfile-1.1.html
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: http://www.xmlspy.com)
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: https://aka.ms/iris-actions.WNF_SHEL_PPI_WIN32VTCAPP_PROCESS_STARTEDThis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: https://go.microsoft
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: https://osgwiki.com/wiki/Manifest_Request
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002893000.00000004.00000020.00020000.00000000.sdmp, Sized.0.dr, Sodium.pif.2.dr String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Sodium.pif.2.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002893000.00000004.00000020.00020000.00000000.sdmp, Sized.0.dr, Sodium.pif.2.dr String found in binary or memory: https://www.globalsign.com/repository/06
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: https://xsts.auth.xboxlive.comHttpMethodUrlRequestHeadersForceRefreshAllUsersRequestBodyBase64user.a
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53541
Source: unknown Network traffic detected: HTTP traffic on port 53541 -> 443
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:53541 version: TLS 1.2
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004050CD
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044A5
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: DirectInput8Create memstr_88e998ad-d
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx, 0_2_00403883
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File created: C:\Windows\CirclesChild
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File created: C:\Windows\StuffedSynthetic
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_0040497C 0_2_0040497C
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00406ED2 0_2_00406ED2
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004074BB 0_2_004074BB
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: String function: 004062A3 appears 57 times
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002893000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAutoIt3.exeB vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenamepcl5eres.dllj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenamepcl5eres.dllh$ vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameir41_qcx.dll vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameMicrosoft.PowerShell.PackageManagement.resources.dll~/ vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenamecmintegrator.dllj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameXInputUap.dllj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameNETDRIVERINSTALL.DLLj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameMicrosoft.ConfigCI.Commands.resources.dll~/ vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenamestartupscan.dllj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameMQISE.DLLj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: OriginalFilenameFsrmStorMod.dllj% vs burlar al diablo napoleon hill pdf.exe
Source: burlar al diablo napoleon hill pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: .SLN,
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: /ignoreprojectextensions:.vcproj,.sln
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: C#/VB/VJ# (.CSPROJ, .VBPROJ,
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: , MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU")
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: C#/VB/VJ# (.CSPROJ, .VBPROJ, .VJSPROJ)
Source: classification engine Classification label: mal64.troj.evad.winEXE@22/13@11/1
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044A5
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004024FB CoCreateInstance, 0_2_004024FB
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4148:120:WilError_03
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File created: C:\Users\user\AppData\Local\Temp\nspD15D.tmp
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Price Price.bat & Price.bat
Source: burlar al diablo napoleon hill pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: burlar al diablo napoleon hill pdf.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 47.62%
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop3
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop3hr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Initialize-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Initialize-StartszDeviceId
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: SetWakePattern-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: +SetWakePattern-StartSize
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetKeywordDetectorDeviceInterfaceId-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: -GetKeywordDetectorDeviceInterfaceId-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop2
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop2hr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-StartfArm
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetKeywordDetectorDeviceInterfaceId-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: 1GetKeywordDetectorDeviceInterfaceId-Stophr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop1
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop1hr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Initialize-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Initialize-Stophr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetSupportedWakePatternTypes-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: &GetSupportedWakePatternTypes-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: SetWakePattern-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: SetWakePattern-Stophr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetSupportedWakePatternTypes-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: *GetSupportedWakePatternTypes-Stophr
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Cleanup-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Cleanup-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: IsPropertySupported-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: #IsPropertySupported-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: AsyncHandler-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: AsyncHandler-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: CreateWorkItemThread-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: #CreateWorkItemThread-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Arm-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: InternalAcquireResources-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: (InternalAcquireResources-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: RegisterEventHandler-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: #RegisterEventHandler-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: CMNotificationCallback-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: &CMNotificationCallback-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: IsVoiceActivationSupported-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: *IsVoiceActivationSupported-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: UnregisterEventHandler-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: 0UnregisterEventHandler-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: InternalArm-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: *InternalArm-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: Initialize-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetSupportedFeature-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: -GetSupportedFeature-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: ResourceNotificationCallback-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: +ResourceNotificationCallback-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: InternalArm-Stop
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: InternalArm-Stopthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: 3GetKeywordDetectorDeviceInterfaceId-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: IsPatternRequired-Start
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: !IsPatternRequired-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: :SetWakePattern-Startthis
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: /AddDriverObjectId
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: . \r\n\r\n/InstallStateDir=[
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: /Add-Driver {/Driver:<folder_containing_INF> | /Driver:<path_to_driver.inf>}
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: DISM.exe /Image:C:\test\offline /Add-Driver
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: /Add-Driver {/Driver:<?
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: caspol -addfulltrust <
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: caspol -addgroup <
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: caspol -addpset { <
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: DISM.exe /Image:C:\test\offline /Add-Driver /Driver:D:\Drivers /recurse
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: api-ms-win-stateseparation-helpers-l1-1-0.dll
Source: burlar al diablo napoleon hill pdf.exe String found in binary or memory: GetPersistedRegistryLocationWapi-ms-win-stateseparation-helpers-l1-1-0.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File read: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe
Source: unknown Process created: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe "C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe"
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Price Price.bat & Price.bat
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 690727
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AviationLauraUhFujitsu" Fraction
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Removal + ..\Facial + ..\Shoe + ..\Greene + ..\Ncaa + ..\Dying + ..\Principle M
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Sodium.pif M
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: Window Recorder Window detected: More than 3 window changes detected
Source: burlar al diablo napoleon hill pdf.exe Static file information: File size 939485968 > 1048576
Source: burlar al diablo napoleon hill pdf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062FC

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Jump to dropped file
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File created: \burlar al diablo napoleon hill pdf.exe
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe File created: \burlar al diablo napoleon hill pdf.exe Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Jump to dropped file
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif TID: 5356 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004062D5 FindFirstFileW,FindClose, 0_2_004062D5
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00402E18 FindFirstFileW, 0_2_00402E18
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406C9B
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\690727
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\690727\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@H
Source: burlar al diablo napoleon hill pdf.exe Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062FC
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Price Price.bat & Price.bat
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 690727
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AviationLauraUhFujitsu" Fraction
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Removal + ..\Facial + ..\Shoe + ..\Greene + ..\Ncaa + ..\Dying + ..\Principle M
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Sodium.pif M
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: burlar al diablo napoleon hill pdf.exe, 00000000.00000003.2250087979.0000000002885000.00000004.00000020.00020000.00000000.sdmp, Sodium.pif, 0000000B.00000000.2299827292.0000000000D76000.00000002.00000001.01000000.00000006.sdmp, Sized.0.dr, Sodium.pif.2.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\burlar al diablo napoleon hill pdf.exe Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00406805
Source: C:\Users\user\AppData\Local\Temp\690727\Sodium.pif Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid