Source: 305iz8bs.exe | ReversingLabs: Detection: 73% |
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability |
Source: 305iz8bs.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: | Binary string: protobuf-net.pdbSHA256}Lq source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdb source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp |
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.125.214 (8 occurrences) |
Source: 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: 305iz8bs.exe, 00000000.00000002.3161974371.00000266908C4000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49975 |
Source: unknown | Network traffic detected: HTTP traffic on port 49975 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701 |
Source: 305iz8bs.exe, ConnectionPageMapping.cs | Large array initialization: ViewAlgo: array initializer size 672976 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC614CBC | 0_2_00007FFAAC614CBC |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC615AC3 | 0_2_00007FFAAC615AC3 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC612162 | 0_2_00007FFAAC612162 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC614E78 | 0_2_00007FFAAC614E78 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC792F74 | 0_2_00007FFAAC792F74 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC79A465 | 0_2_00007FFAAC79A465 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Code function: 0_2_00007FFAAC6F31CC | 0_2_00007FFAAC6F31CC |
Source: 305iz8bs.exe | Static PE information: No import functions for PE file found |
Source: 305iz8bs.exe, 00000000.00000002.3164552792.00000266A8E40000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe |
Source: 305iz8bs.exe, 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe |
Source: 305iz8bs.exe, 00000000.00000002.3164989558.00000266A8FB0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe |
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0DF7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe |
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 305iz8bs.exe |
Source: 305iz8bs.exe, 00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNmptgt.dll" vs 305iz8bs.exe |
Source: 305iz8bs.exe | Binary or memory string: OriginalFilenameEfjpmaesboh.exe" vs 305iz8bs.exe |
Source: 305iz8bs.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 305iz8bs.exe, ComparatorProducerFilter.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 305iz8bs.exe, ConnectionPageMapping.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: classification engine | Classification label: mal84.evad.winEXE@1/0@0/1 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: NULL |
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: \Sessions\1\BaseNamedObjects\0dc246cb588177472226d5 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: \Sessions\1\BaseNamedObjects\02141e02ea78f4cc5f9de3f79c7ebf0b |
Source: 305iz8bs.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88% |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (4 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: ucrtbase_clr0400.dll (2 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: atiadlxx.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: atiadlxy.dll (9 occurrences, interleaved with the two loads below) |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: nvapi64.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\305iz8bs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 |
Source: 305iz8bs.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: 305iz8bs.exe, ComparatorProducerFilter.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 305iz8bs.exe, ConnectionPageMapping.cs | .Net Code: ViewAlgo System.Reflection.Assembly.Load(byte[]) |
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeModel.cs | .Net Code: TryDeserializeList |
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, ListDecorator.cs | .Net Code: Read |
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: CreateInstance |
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateInstance |
Source: 0.2.305iz8bs.exe.266a0da6fc0.4.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateIfNull |
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeModel.cs | .Net Code: TryDeserializeList |
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, ListDecorator.cs | .Net Code: Read |
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: CreateInstance |
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateInstance |
Source: 0.2.305iz8bs.exe.266a8fb0000.8.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateIfNull |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0ad5308.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0cb6150.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a8f50000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0d56188.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0afd340.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.305iz8bs.exe.266a0ad5308.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0CB6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3164875436.00000266A8F50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0D56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3162877249.00000266A0A86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3161974371.0000026690781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 305iz8bs.exe PID: 7612, type: MEMORYSTR |
Source: 305iz8bs.exe | Static PE information: 0x9410C053 [Sat Sep 19 10:56:19 2048 UTC] |
Source: 305iz8bs.exe | Static PE information: section name: .text entropy: 7.9606595760936045 |
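The two static indicators directly above, a link timestamp in 2048 and a .text entropy of 7.96 bits per byte, are cheap to verify before detonating a sample. The following Python is an added example by the editor, not code from the sandbox report or from any analysis tool: it reads TimeDateStamp from the COFF header of a minimal PE stub constructed inline (the stub and the report's 0x9410C053 value are the only input), compares it with the analysis time, and computes Shannon entropy over constructed buffers. The entropy thresholds are the editor's heuristics. One caveat for .NET samples such as this one: the C# compiler in deterministic mode writes a content hash into TimeDateStamp with the top bit set, exactly as seen here, so a far-future date on its own is weak evidence; the near-8.0 entropy and the Assembly.Load(byte[]) pattern reported further down carry more weight.

```python
import math
import struct
import time
from collections import Counter
from datetime import datetime, timezone

# Constructed inputs for the entropy check: a perfectly uniform buffer and a constant one.
UNIFORM = bytes(range(256)) * 16   # every byte value 16 times -> 8.0 bits/byte
CONSTANT = b"\x00" * 4096          # one byte value           -> 0.0 bits/byte


def build_pe_stub(timestamp: int) -> bytes:
    """Constructed input: the smallest byte layout a TimeDateStamp reader needs (not a loadable PE)."""
    hdr = bytearray(0x60)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew: offset of the "PE\0\0" signature
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, 0x8664)      # IMAGE_FILE_MACHINE_AMD64
    struct.pack_into("<H", hdr, 0x46, 1)           # NumberOfSections
    struct.pack_into("<I", hdr, 0x48, timestamp)   # TimeDateStamp
    return bytes(hdr)


def read_timestamp(pe: bytes) -> int:
    """COFF TimeDateStamp: DOS header -> e_lfanew -> 'PE\\0\\0' -> Machine(2) NumberOfSections(2) TimeDateStamp(4)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (stamp,) = struct.unpack_from("<I", pe, e_lfanew + 8)
    return stamp


def timestamp_iso(stamp: int) -> str:
    """Render the stamp as UTC; 0x9410C053 -> 2048-09-19T10:56:19+00:00, matching the report."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()


def looks_deterministic(stamp: int) -> bool:
    """Roslyn /deterministic stores a content hash here with bit 31 set; the date is then meaningless."""
    return bool(stamp & 0x80000000)


def timestamp_verdict(stamp: int, now_epoch: int) -> str:
    """Classify the stamp against the analysis time (seconds since the Unix epoch)."""
    if stamp == 0:
        return "zeroed"
    return "future" if stamp > now_epoch else "plausible"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_verdict(entropy: float) -> str:
    """Editor's heuristic bands; compressed or encrypted payloads sit above 7.0."""
    if entropy >= 7.0:
        return "likely packed or encrypted"
    if entropy >= 5.0:
        return "ordinary code or data"
    return "sparse or padded"


if __name__ == "__main__":
    stamp = read_timestamp(build_pe_stub(0x9410C053))
    print(f"TimeDateStamp 0x{stamp:08X} = {timestamp_iso(stamp)} -> "
          f"{timestamp_verdict(stamp, int(time.time()))}, deterministic-build hash: {looks_deterministic(stamp)}")
    for name, buf in (("uniform", UNIFORM), ("constant", CONSTANT)):
        e = shannon_entropy(buf)
        print(f"{name:>8}: entropy {e:.4f} -> {section_verdict(e)}")
    print(f"reported .text entropy 7.9607 -> {section_verdict(7.9606595760936045)}")
```

Run it against a real file by replacing the stub with `open(path, "rb").read()`; the header walk is the same. The entropy should be computed per section (the report gives .text alone), because averaging over a whole file with a large low-entropy resource section hides a packed code section.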
Source: C:\Users\user\Desktop\305iz8bs.exe | Process information set: NOOPENFILEERRORBOX (51 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive (2 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe | Memory allocated: 2668ED30000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\305iz8bs.exe | Memory allocated: 266A8780000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 180000 (2 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7724 | Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7724 | Thread sleep time: -60000s >= -30000s (2 occurrences) |
Source: C:\Users\user\Desktop\305iz8bs.exe TID: 7616 | Thread sleep time: -180000s >= -30000s (2 occurrences) |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 60000 (2 occurrences) |
Source: 305iz8bs.exe, 00000000.00000002.3165170294.00000266A903F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: 305iz8bs.exe, 00000000.00000002.3165170294.00000266A903F000.00000004.00000020.00020000.00000000.sdmp, 305iz8bs.exe, 00000000.00000002.3160723917.000002668EC05000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
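The behavioral lines on this page are a flat list of signature hits; an analyst wants them reduced to the handful of indicators that drive the next step: the peer contacted by raw IP with no DNS lookup, the WMI classes used to fingerprint hardware and installed AV, the sleep pattern, the in-memory loading markers (a 672976-byte array, CreateDecryptor, Assembly.Load(byte[])) and the OriginalFilename mismatch. The following Python is an added triage helper by the editor, not part of the sandbox report or its tooling. It parses lines in the `Source: … | … |` shape used above; the sample input is a subset copied from this report, the 30 s threshold mirrors the report's own `>= -30000s` comparison, and the per-class descriptions are the editor's annotations. One detail worth knowing: 922337203685477 ms is .NET's TimeSpan.MaxValue in whole milliseconds, so that thread is parked indefinitely rather than stalling execution; the 60 s and 180 s delays are the ones that consume sandbox time.

```python
import re

# Constructed sample input: a representative subset of the signature lines in the report above.
REPORT_LINES = r"""
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.125.214 |
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.125.214 |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard |
Source: C:\Users\user\Desktop\305iz8bs.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 180000 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Thread delayed: delay time: 60000 |
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: NULL |
Source: C:\Users\user\Desktop\305iz8bs.exe | Mutant created: \Sessions\1\BaseNamedObjects\0dc246cb588177472226d5 |
Source: 305iz8bs.exe, ConnectionPageMapping.cs | .Net Code: ViewAlgo System.Reflection.Assembly.Load(byte[]) |
Source: 305iz8bs.exe, ConnectionPageMapping.cs | Large array initialization: ViewAlgo: array initializer size 672976 |
Source: 305iz8bs.exe, ComparatorProducerFilter.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 305iz8bs.exe | Binary or memory string: OriginalFilenameEfjpmaesboh.exe" vs 305iz8bs.exe |
"""

TIMESPAN_MAX_MS = (2**63 - 1) // 10_000   # .NET TimeSpan.MaxValue in whole ms == 922337203685477
SLEEP_FLOOR_MS = 30_000                   # the report's own "Thread sleep time ... >= -30000s" bound

# Editor's annotations of what each WMI class gives the sample.
FINGERPRINT_CLASSES = {
    "Win32_Processor": "CPU name and core count, a common VM check",
    "Win32_DiskDrive": "disk model and serial, a common VM check",
    "Win32_BaseBoard": "motherboard vendor, a common VM check",
    "AntivirusProduct": "installed AV products via root\\SecurityCenter2",
}
# Strings that together describe a decrypt-then-Assembly.Load in-memory loader.
LOADER_MARKERS = ("Assembly.Load(byte[])", "GetDelegateForFunctionPointer",
                  "CreateDecryptor", "Large array initialization")

IP_RE = re.compile(r"TCP traffic detected without corresponding DNS query:\s*(\d{1,3}(?:\.\d{1,3}){3})")
WMI_RE = re.compile(r"WMI Queries:.*\b(Win32_\w+|AntivirusProduct)\b")
DELAY_RE = re.compile(r"Thread delayed: delay time:\s*(\d+)")
MUTEX_RE = re.compile(r"Mutant created:\s*(\S+)")
NAME_RE = re.compile(r'OriginalFilename(.+?)"?\s+vs\s+(\S+)')


def parse_line(line: str):
    """Split 'Source: X | signature text |' into (source, text); None for lines in another shape."""
    parts = [p.strip() for p in line.strip().strip("|").split("|")]
    if len(parts) < 2 or not parts[0].startswith("Source:"):
        return None
    return parts[0][len("Source:"):].strip(), parts[1]


def triage(report_text: str) -> dict:
    """Reduce sandbox signature lines to the indicators an analyst acts on."""
    ips, wmi, sleeps, mutexes, markers = set(), set(), [], [], set()
    name_mismatch = False
    for raw in report_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        _source, text = parsed
        if m := IP_RE.search(text):
            ips.add(m.group(1))
        if m := WMI_RE.search(text):
            wmi.add(m.group(1))
        if m := DELAY_RE.search(text):
            sleeps.append(int(m.group(1)))
        if (m := MUTEX_RE.search(text)) and m.group(1) != "NULL":
            mutexes.append(m.group(1))
        if m := NAME_RE.search(text):
            # the stray quote after the name is the string terminator from the version resource
            name_mismatch |= m.group(1).strip('"').lower() != m.group(2).lower()
        markers.update(k for k in LOADER_MARKERS if k in text)
    finite = [s for s in sleeps if s != TIMESPAN_MAX_MS]
    return {
        "direct_ip_peers": sorted(ips),                 # candidates for network blocking
        "wmi_fingerprinting": sorted(wmi),
        "wmi_meaning": [FINGERPRINT_CLASSES.get(c, "unknown class") for c in sorted(wmi)],
        "infinite_sleep": TIMESPAN_MAX_MS in sleeps,    # a parked thread, not an evasion delay
        "longest_finite_sleep_ms": max(finite, default=0),
        "sleeps_over_threshold": [s for s in finite if s >= SLEEP_FLOOR_MS],
        "loader_markers": sorted(markers),
        "mutexes": mutexes,                             # host-based IOCs for a running infection
        "name_mismatch": name_mismatch,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_LINES).items():
        print(f"{key:>24}: {value}")
```

Feeding the whole page to `triage` works as well, since the parser ignores the trailing `Jump to behavior` cell and any line not in the `Source:` shape. The sleep figures are what to hand to the sandbox operator: with 180 s delays the detonation budget needs to exceed the sum of the finite sleeps, or sleep patching must be enabled, before the network and post-decryption behavior becomes visible.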