Windows Analysis Report
run.exe

Overview

General Information

Sample name: run.exe
Analysis ID: 1579290
MD5: cd860c78e0374dec3a2b1a73507fce4a
SHA1: 3f3bfa99784864377725873c23a13bb1045c92ae
SHA256: ad3129449969566ca74bbfe8a4e2a0a551d2725b1d1f9d5bcce4e9dd476927b5
Tags: exe, user-smica83

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Modifies existing user documents (likely ransomware behavior)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification

Classification

AV Detection

Source: run.exe Virustotal: Detection: 63%
Source: run.exe ReversingLabs: Detection: 57%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 97.9% probability
Source: run.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: unknown TCP traffic detected without corresponding DNS query: 91.208.206.195
Source: unknown HTTP traffic detected:
  POST /store HTTP/1.1
  Host: 91.208.206.195
  User-Agent: ureq/2.10.1
  Accept: */*
  Content-Type: application/json
  accept-encoding: gzip
  Content-Length: 47
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://91.208.206.195/store
Source: run.exe String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: run.exe String found in binary or memory: https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof
Source: run.exe String found in binary or memory: https://github.com/clap-rs/clap/issues
Source: run.exe String found in binary or memory: https://github.com/clap-rs/clap/issues/home/kali/.cargo/registry/src/index.crates.io-6f17d22bba15001
Source: run.exe String found in binary or memory: https://github.com/clap-rs/clap/issuesCOMMAND
Source: run.exe String found in binary or memory: https://github.com/clap-rs/clap/issuesj

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\run.exe File deleted: C:\Users\user\Desktop\KATAXZVCPS.jpg
Source: C:\Users\user\Desktop\run.exe File deleted: C:\Users\user\Desktop\VLZDGUKUTZ.docx
Source: C:\Users\user\Desktop\run.exe File deleted: C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx
Source: C:\Users\user\Desktop\run.exe File deleted: C:\Users\user\Desktop\BPMLNOBVSB.png
Source: C:\Users\user\Desktop\run.exe File deleted: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx
Source: classification engine Classification label: mal64.rans.evad.winEXE@2/75@0/1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03
Source: run.exe, 00000000.00000000.1675092431.00007FF7463BF000.00000002.00000001.01000000.00000003.sdmp Memory string: rustls::msgs::handshake
Source: run.exe, 00000000.00000000.1675092431.00007FF7463BF000.00000002.00000001.01000000.00000003.sdmp Memory string: rustls::msgs::handshakeClientExtension
Source: run.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\run.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: run.exe String found in binary or memory: helpPrint helpPrint help (see more with '--help')Print help (see a summary with '-h')versionPrint versionPrint this message or the help of the given subcommand(s)subcommandCOMMANDPrint help for the subcommand(s)
Source: run.exe String found in binary or memory: 3helpPrint helpPrint help (see more with '--help')Print help (see a summary with '-h')versionPrint versionPrint this message or the help of the given subcommand(s)subcommandCOMMANDPrint help for the subcommand(s)
Source: run.exe String found in binary or memory: --helphelp--
Source: run.exe String found in binary or memory: {before-help}{about-with-newline}
Source: run.exe String found in binary or memory: {usage-heading} {usage}{after-help}{before-help}{about-with-newline}
Source: run.exe String found in binary or memory: {all-args}{after-help}
Source: run.exe String found in binary or memory: 7{before-help}{about-with-newline}
Source: run.exe String found in binary or memory: namebinversionauthorauthor-with-newlineauthor-sectionaboutabout-with-newlineabout-sectionusage-headingusageall-argsoptionspositionalssubcommandstabafter-helpbefore-help{}
Source: run.exe String found in binary or memory: namebinversionauthorauthor-with-newlineauthor-sectionaboutabout-with-newlineabout-sectionusage-headingusageall-argsoptionspositionalssubcommandstabafter-helpbefore-help{}xU<@
Source: unknown Process created: C:\Users\user\Desktop\run.exe "C:\Users\user\Desktop\run.exe"
Source: C:\Users\user\Desktop\run.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\run.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\run.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\run.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\run.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\run.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\run.exe Section loaded: mswsock.dll
Source: run.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: run.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: run.exe Static file information: File size 6138219 > 1048576
Source: run.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x31d000
Source: run.exe Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\run.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run p4yx0rl0s3

Malware Analysis System Evasion

Source: run.exe Binary or memory string: FROMUTF16ERRORP4YX0RL0S31.0KEYKEYSETS A KEYFILESETS THE INPUT FILE OR DIRECTORYFILEVMSRVC.EXETCPVIEW.EXEWIRESHARK.EXEFIDDLER.EXEVMWARE.EXEVIRTUALBOX.EXEPROCEXP.EXEAUTOIT.EXEVBOXTRAY.EXEVMTOOLSD.EXEVMRAWDSK.SYS.VMUSBMOUSE.SYS.DF5SERV.EXEVBOXSERVICE.EXE
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vboxservice.exeolm.T
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmsrvc.exe.sys.olm.T
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmware.exeemqbuolm.
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vboxtray.exexeuolm.
Source: run.exe Binary or memory string: FromUtf16Errorp4yx0rl0s31.0keyKEYSets a keyfileSets the input file or directoryFILEvmsrvc.exetcpview.exewireshark.exefiddler.exevmware.exeVirtualBox.exeprocexp.exeautoit.exevboxtray.exevmtoolsd.exevmrawdsk.sys.vmusbmouse.sys.df5serv.exevboxservice.exe
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmtoolsd.exeqbuolm.
Source: run.exe, 00000000.00000002.1698572592.000002059373C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vboxservice.exeolm.
Source: run.exe, 00000000.00000003.1698386422.000002059375A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\run.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\run.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Users\user\Desktop\run.exe NtWriteFile: Indirect: 0x7FF746345866 Jump to behavior
Source: C:\Users\user\Desktop\run.exe NtReadFile: Indirect: 0x7FF746345746 Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Contacts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Contacts\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Contacts\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\Excel.lnk VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\JSDNGYCOWY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\LTKMYBSEYZ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\MXPXCVPDVN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\run.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\run.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\CURQNKVOIX.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\CURQNKVOIX.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\JSDNGYCOWY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Desktop\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\LTKMYBSEYZ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Music\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Camera Roll\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Camera Roll\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\CURQNKVOIX.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\CURQNKVOIX.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VAMYDFPUND VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\JSDNGYCOWY.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\BPMLNOBVSB.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\CURQNKVOIX.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\DVWHKMNFNN.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\HTAGVDFUIE.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\JSDNGYCOWY.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\KATAXZVCPS.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\NWTVCDUMOB.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\ONBQCLYSPU.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\UMMBDNEQBN.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\UMMBDNEQBN.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\VLZDGUKUTZ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\VLZDGUKUTZ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\WUTJSCBCFX.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Downloads\YPSIACHYXW.png VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Amazon.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Bing.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Facebook.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Google.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Links VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Links\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Live.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\NYTimes.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Reddit.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Favorites\Twitter.url VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Music\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Camera Roll\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\run.exe Queries volume information: C:\Users\user\Videos\desktop.ini VolumeInformation Jump to behavior