Source: YY3k9rjxpY.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0 |
Source: RegAsm.exe, 00000002.00000002.4529927885.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002D32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002D18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002D18000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://ocsp.digicert.com0 |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://ocsp.digicert.com0I |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://ocsp.digicert.com0X |
Source: RegAsm.exe, 00000002.00000002.4529927885.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002D18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: YY3k9rjxpY.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/ |
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952AD8 NtQueryInformationProcess, | 0_2_20952AD8 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_2095290B NtAllocateVirtualMemory,NtProtectVirtualMemory,ChrCmpIA,NtProtectVirtualMemory, | 0_2_2095290B |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02192BF8 NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread, | 0_2_02192BF8 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02192B3E NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread, | 0_2_02192B3E |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02192B6E NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread, | 0_2_02192B6E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044600F NtProtectVirtualMemory, | 2_2_0044600F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044601E NtAllocateVirtualMemory, | 2_2_0044601E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004430BA NtDelayExecution, | 2_2_004430BA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00443567 NtCreateThreadEx,NtClose, | 2_2_00443567 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445F41 NtProtectVirtualMemory, | 2_2_00445F41 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004457B0 NtAllocateVirtualMemory, | 2_2_004457B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044314D NtDelayExecution, | 2_2_0044314D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044390A NtCreateThreadEx,NtClose, | 2_2_0044390A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00443A12 NtClose, | 2_2_00443A12 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C1A620 | 2_2_02C1A620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C14A80 | 2_2_02C14A80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C1D978 | 2_2_02C1D978 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C19E60 | 2_2_02C19E60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C13E68 | 2_2_02C13E68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_02C141B0 | 2_2_02C141B0 |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamee8300309-2878-4eb6-9fa4-d88c99cb9494.exe4 vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe, 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamee8300309-2878-4eb6-9fa4-d88c99cb9494.exe4 vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe, 00000000.00000000.2059442794.0000000020BBD000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameacvm7qw909e.exe vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamee8300309-2878-4eb6-9fa4-d88c99cb9494.exe4 vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamee8300309-2878-4eb6-9fa4-d88c99cb9494.exe4 vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe, 00000000.00000002.2161509689.0000000002A2E000.00000040.10000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenamee8300309-2878-4eb6-9fa4-d88c99cb9494.exe4 vs YY3k9rjxpY.exe |
Source: YY3k9rjxpY.exe | Binary or memory string: OriginalFilenameacvm7qw909e.exe8_ vs YY3k9rjxpY.exe |
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: msvbvm60.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: vb6zz.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: vb6de.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: vb6de.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_0062C17D pushad ; ret | 0_2_0062C365 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_0062B6ED pushad ; ret | 0_2_0062B721 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02191A0C push esi; iretd | 0_2_02191A0D |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02195ABA push es; ret | 0_2_02195ABB |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02195B0C push FFFFFFDBh; ret | 0_2_02195B0E |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02190CB2 push ss; ret | 0_2_02190D2D |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02195D08 push ecx; ret | 0_2_02195D15 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02190D0A push ss; ret | 0_2_02190D2D |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_0219599E pushfd ; retf | 0_2_021959A5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004448FB push FFFFFFDBh; ret | 2_2_004448FD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004448A9 push es; ret | 2_2_004448AA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445641 push eax; iretd | 2_2_00445642 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445622 pushad ; ret | 2_2_0044563D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00444AF7 push ecx; ret | 2_2_00444B04 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044478D pushfd ; retf | 2_2_00444794 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: YY3k9rjxpY.exe, 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, YY3k9rjxpY.exe, 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002D32000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4529927885.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SBIEDLL.DLL |
Source: RegAsm.exe, 00000002.00000002.4529927885.0000000002C85000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware |
Source: RegAsm.exe, 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: vmware |
Source: RegAsm.exe, 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem |
Source: RegAsm.exe, 00000002.00000002.4531677612.0000000006001000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952EC1 mov eax, dword ptr fs:[00000030h] | 0_2_20952EC1 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952BD8 mov eax, dword ptr fs:[00000030h] | 0_2_20952BD8 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952BC3 mov eax, dword ptr fs:[00000030h] | 0_2_20952BC3 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952BEC mov eax, dword ptr fs:[00000030h] | 0_2_20952BEC |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_20952B66 mov eax, dword ptr fs:[00000030h] | 0_2_20952B66 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02192BF8 mov eax, dword ptr fs:[00000030h] | 0_2_02192BF8 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02196A86 mov eax, dword ptr fs:[00000030h] | 0_2_02196A86 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02196AA2 mov eax, dword ptr fs:[00000030h] | 0_2_02196AA2 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02196BBE mov eax, dword ptr fs:[00000030h] | 0_2_02196BBE |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_021973D2 mov ecx, dword ptr fs:[00000030h] | 0_2_021973D2 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02196BFA mov eax, dword ptr fs:[00000030h] | 0_2_02196BFA |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_02196881 mov eax, dword ptr fs:[00000030h] | 0_2_02196881 |
Source: C:\Users\user\Desktop\YY3k9rjxpY.exe | Code function: 0_2_021931C9 mov eax, dword ptr fs:[00000030h] | 0_2_021931C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004457B0 mov ecx, dword ptr fs:[00000030h] | 2_2_004457B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445C48 mov eax, dword ptr fs:[00000030h] | 2_2_00445C48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445875 mov eax, dword ptr fs:[00000030h] | 2_2_00445875 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445891 mov eax, dword ptr fs:[00000030h] | 2_2_00445891 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445D28 mov eax, dword ptr fs:[00000030h] | 2_2_00445D28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004461C1 mov ecx, dword ptr fs:[00000030h] | 2_2_004461C1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004459E9 mov eax, dword ptr fs:[00000030h] | 2_2_004459E9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004459AD mov eax, dword ptr fs:[00000030h] | 2_2_004459AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445670 mov eax, dword ptr fs:[00000030h] | 2_2_00445670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445622 mov eax, dword ptr fs:[00000030h] | 2_2_00445622 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445A92 mov ecx, dword ptr fs:[00000030h] | 2_2_00445A92 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0044574F mov eax, dword ptr fs:[00000030h] | 2_2_0044574F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00445B30 mov eax, dword ptr fs:[00000030h] | 2_2_00445B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004457D4 mov eax, dword ptr fs:[00000030h] | 2_2_004457D4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: Yara match | File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: YY3k9rjxpY.exe PID: 5560, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 2136, type: MEMORYSTR |
Source: Yara match | File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.4529927885.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: YY3k9rjxpY.exe PID: 5560, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 2136, type: MEMORYSTR |
Source: Yara match | File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67faec.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.YY3k9rjxpY.exe.67fae8.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.YY3k9rjxpY.exe.29f0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.2119489603.000000000065F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159557727.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159771368.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2161509689.00000000029F2000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.2159849031.000000000067F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.4527761643.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: YY3k9rjxpY.exe PID: 5560, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 2136, type: MEMORYSTR |