Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: z: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: x: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: v: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: t: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: r: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: p: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: n: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: l: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: j: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: h: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: f: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: b: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: y: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: w: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: u: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: s: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: q: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: o: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: m: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: k: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: i: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: g: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: e: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: c: |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
File opened: a: |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.00000000012BB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, leveldb-viewer.exe.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0# |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.00000000012BB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, leveldb-viewer.exe.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, leveldb-viewer.exe.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, leveldb-viewer.exe.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001B8D000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://privazer.com/downloadupdate.php?changelog |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: http://www.privazer.com |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: http://www.privazer.com/ |
Source: SecuriteInfo.com.Heur.7529.3828.exe, sqlite3.dll.0.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: leveldb-viewer.exe.0.dr |
String found in binary or memory: https://gcc.gnu.org/bugs/): |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001FFA000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://privazer.com/bug-madexcept.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://privazer.com/latest_donations.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://privazer.com/latest_donations.phpmsctls_progress32 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009A27000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://privazer.com/new_version_4.0.092.txt |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://privazer.com/new_version_4.0.092.txttxt7 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: https://sectigo.com/CPS0B |
Source: SecuriteInfo.com.Heur.7529.3828.exe, leveldb-viewer.exe.0.dr |
String found in binary or memory: https://sectigo.com/CPS0D |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.privazer.com/G |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/PrivaZer.exe |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/PrivaZer_Pro.exe |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/changelog.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/changelog.phpopenU |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/download-pro.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/download-pro.phpopenhttps://www.privazer.com/version-difference.php3 |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/download-pro.phpopenhttps://www.privazer.com/version-difference.phpS |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/exit_unicode.php?country= |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/language_alert.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/language_alert.phpopen |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/latest_donations.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/my_latest_donation.php?email= |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/new_version_4.0.092.txt |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/order-privazer.htm |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/order-privazer.htmopen |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.php?donors=1&left= |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.php?donors=1&support=1 |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.php?donors=1&support=1https://www.privazer.com/pay-EUR-GBP.phpS |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.phpopen |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.phpopenJRUN_A_CLEANUP_AT_PC_STARTUP_NOTIFY_ME |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.phpopenS |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.phpopenSVW |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/pay-EUR-GBP.phpopenU |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/support.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/support.phpopen |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/support.phpopenU |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.com/version-difference.php |
Source: SecuriteInfo.com.Heur.7529.3828.exe, json.dll.0.dr, sqlite3.dll.0.dr |
String found in binary or memory: https://www.privazer.com0 |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.00000000099AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.privazer.com:443/new_version_4.0.092.txt |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
String found in binary or memory: https://www.privazer.comhttps://www.privazer.com/download-pro.phpopenhttps://www.privazer.com/versio |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2101887856.0000000000401000.00000020.00000001.01000000.00000003.sdmp |
Binary or memory string: /K vssadmin delete shadows /for=c: /oldest /QUIET |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2101887856.0000000000401000.00000020.00000001.01000000.00000003.sdmp |
Binary or memory string: H/K vssadmin delete shadows /for=c: /oldest /QUIETC:\\ |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2101887856.0000000000401000.00000020.00000001.01000000.00000003.sdmp |
Binary or memory string: /C vssadmin delete shadows /for= |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: /K vssadmin delete shadows /for=c: /oldest /QUIET |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: H/K vssadmin delete shadows /for=c: /oldest /QUIETC:\\ |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: /C vssadmin delete shadows /for= |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000000.2102968553.0000000001271000.00000002.00000001.01000000.00000003.sdmp, sqlite3.dll.0.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: msi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: faultrep.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dbgcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: esent.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: explorerframe.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: websocket.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: pstorec.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: fmifs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ulib.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ifsutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: srclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: spp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: vssapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: vsstrace.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ktmw32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: thumbcache.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: policymanager.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: msvcp110_win.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: taskschd.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: xmllite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ntshrui.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: cscapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Automated click: Next > |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Automated click: OK |
Source: sqlite3.dll.0.dr |
Static PE information: section name: .00cfg |
Source: json.dll.0.dr |
Static PE information: section name: .didata |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /4 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /14 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /29 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /41 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /55 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /67 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /80 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /91 |
Source: leveldb-viewer.exe.0.dr |
Static PE information: section name: /102 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C54474 push 05C544CAh; ret |
0_2_05C544C2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CC4438 push ecx; mov dword ptr [esp], ecx |
0_2_05CC443C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C0A7FC push ecx; mov dword ptr [esp], eax |
0_2_05C0A7FE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE7E4 push ecx; mov dword ptr [esp], edx |
0_2_05BFE7E5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE7CC push ecx; mov dword ptr [esp], edx |
0_2_05BFE7CD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE6B8 push ecx; mov dword ptr [esp], edx |
0_2_05BFE6B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE692 push ecx; mov dword ptr [esp], edx |
0_2_05BFE695 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE6DA push ecx; mov dword ptr [esp], edx |
0_2_05BFE6DD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE634 push ecx; mov dword ptr [esp], edx |
0_2_05BFE635 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE64C push ecx; mov dword ptr [esp], edx |
0_2_05BFE64D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE640 push ecx; mov dword ptr [esp], edx |
0_2_05BFE641 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CC2160 push ecx; mov dword ptr [esp], ecx |
0_2_05CC2164 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C56124 push ecx; mov dword ptr [esp], ecx |
0_2_05C56128 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05BFE01C push ecx; mov dword ptr [esp], edx |
0_2_05BFE01D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C5C3C8 push ecx; mov dword ptr [esp], ecx |
0_2_05C5C3CC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C5E36C push ecx; mov dword ptr [esp], ecx |
0_2_05C5E370 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CBE31C push 05CBE38Eh; ret |
0_2_05CBE386 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CBE2E0 push ecx; mov dword ptr [esp], edx |
0_2_05CBE2E5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CC4248 push ecx; mov dword ptr [esp], ecx |
0_2_05CC424C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C5A214 push ecx; mov dword ptr [esp], ecx |
0_2_05C5A218 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C58D40 push ecx; mov dword ptr [esp], ecx |
0_2_05C58D44 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C1ECD8 push ecx; mov dword ptr [esp], eax |
0_2_05C1ECD9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C00CDA push ecx; mov dword ptr [esp], edx |
0_2_05C00CDD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C1ECA8 push ecx; mov dword ptr [esp], eax |
0_2_05C1ECA9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C0ACBC push 05C0ACF4h; ret |
0_2_05C0ACEC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C28E78 push ecx; mov dword ptr [esp], ecx |
0_2_05C28E7B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05CCC9C4 push ecx; mov dword ptr [esp], edx |
0_2_05CCC9C9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C0A9D0 push ecx; mov dword ptr [esp], eax |
0_2_05C0A9D2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C62980 push ecx; mov dword ptr [esp], edx |
0_2_05C62985 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C009A2 push ecx; mov dword ptr [esp], ecx |
0_2_05C009A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.7529.3828.exe |
Code function: 0_2_05C629BC push 05C62A35h; ret |
0_2_05C62A2D |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: *ALLUSERSPROFILE_APPDATA|VMware\logs||*.log |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: VMware |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWFICE6=1 #Izarcllsh |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3389758705.0000000009870000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 4OFFICE74=0 #VMware Player0zV |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: 'LocalAppDataPath|Temp\vmware-fla||*.log |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: VMware Player 050620fe75ee0093 05e01ecaf82f7d8e 06059df4b02360af 070b52cf73249257 0a1d19afe5a80f80 |
Source: PrivaZer.default.ini.0.dr |
Binary or memory string: OFFICE74=0 #VMware Player |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: LocalAppDataPath|Temp\vmware-fla||*.log |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: Twitter 888f2fa044591eda8Adobe Acrobat 9 Pro Extended 8a461f82e9eb41022ACDSee Photo Manager 2009 8dcca8b24a5e822e$VMware Workstation 8eafbd04ec8631ce |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009ADD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3373961376.00000000021F8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: WNNC_NET_VMWARE |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: ALLUSERSPROFILE_APPDATA|VMware\logs||*.log |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009B52000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 4OFFICE74=0 #VMware Playerr |
Source: SecuriteInfo.com.Heur.7529.3828.exe, 00000000.00000002.3391318080.0000000009B52000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 4OFFICE74=0 #VMware Player |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: VMware Player |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: VMware.Console |
Source: SecuriteInfo.com.Heur.7529.3828.exe |
Binary or memory string: VMWare Player |