Source: | Binary string: \Kdmapper-Bypass360-main\kdmapper-master\x64\Release\kdmapper.pdb/ source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: C:\Users\Administrator\Desktop\Kernel_project\kdmapper\x64\Release\kdmapper.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: D:\Documents\Desktop\kdmapper-master\x64\Release\kdmapper.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: UI\x64\Release\COD19.pdb55 source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: UI\x64\Release\COD19.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: D:\Documents\Desktop\kdmapper-master\x64\Release\kdmapper.pdb11 source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: C:\Users\Administrator\Desktop\Kernel_project\kdmapper\x64\Release\kdmapper.pdb- source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: D:\C++\hacking\cod_driver\x64\Release\kdmapper_driver.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: D:\Labs\Shark-master\Build\Bins\AMD64\Shark.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: \Kdmapper-Bypass360-main\kdmapper-master\x64\Release\kdmapper.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: UI\x64\Release\COD20.pdb55 source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: C:\Users\willwon\source\repos\mutante3\mutante\build\bin\mutante.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: C:\Windows\Start.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: e:\work\dangerzone\flashdriverwin32\Release\i386\amifldrv32.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: UI\x64\Release\COD20.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp |
Source: | Binary string: e:\work\dangerzone\flashdriverwin64\Release\amd64\amifldrv64.pdb source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.000000000050A000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3296531490.000000000198E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://103.239.244.218:8898/ |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.000000000050A000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://103.239.244.218:8898/600006030021.00 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.000000000050A000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://154.12.36.162/BOT2/LDvar.exe |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.000000000050A000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3296531490.000000000198E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://154.12.36.162/BOT2/Var |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.pki.jemmylovejenny.tk/EVRootCA.crt0? |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://cacerts.pki.jemmylovejenny.tk/SHA2TimeStampingServicesCA.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crls.pki.jemmylovejenny.tk/EVRootCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crls.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crls.pki.jemmylovejenny.tk/SHA2TimeStampingServicesCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0H |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.digicert.com0I |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.pki.jemmylovejenny.tk/EVRootCA0= |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.pki.jemmylovejenny.tk/SHA1TimeStampingServicesCA0O |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.pki.jemmylovejenny.tk/SHA2TimeStampingServicesCA0O |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ocsp.thawte.com0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://sf.symcb.com/sf.crl0f |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://sf.symcb.com/sf.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://sf.symcd.com0& |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://t2.symcb.com0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://tl.symcb.com/tl.crl0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://tl.symcb.com/tl.crt0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://tl.symcd.com0& |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000B44000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$ |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://d.symcb.com/cps0% |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://github.com/cadsondemak/kanit) |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://pki.jemmylovejenny.tk/cps0/ |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://pki.jemmylovejenny.tk/rpa0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://scripts.sil.org/OFLThis |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://scripts.sil.org/OFLhttps://www.katatrad.comhttps://cadsondemak.comKatatrad |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.thawte.com/cps0/ |
Source: 0yGDYqDKv5.exe, 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.thawte.com/repository0 |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.a91197.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.a91197.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.a84e2a.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.a87642.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.62901a.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.613a00.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.616eba.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.0yGDYqDKv5.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.3295192113.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3295192113.00000000005DB000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 0yGDYqDKv5.exe PID: 5536, type: MEMORYSTR |
Source: 0.2.0yGDYqDKv5.exe.a91197.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.a91197.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.a84e2a.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.a87642.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.62901a.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.613a00.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.616eba.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.0yGDYqDKv5.exe.a91197.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.a91197.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.a84e2a.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.a87642.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.62901a.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.613a00.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.616eba.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.0yGDYqDKv5.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: avifil32.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 35B0005 value: E9 2B BA 90 73 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 76EBBA30 value: E9 DA 45 6F 8C |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 36C0008 value: E9 8B 8E 84 73 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 76F08E90 value: E9 80 71 7B 8C |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 36D0005 value: E9 8B 4D 3A 72 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 75A74D90 value: E9 7A B2 C5 8D |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 36F0005 value: E9 EB EB 39 72 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 75A8EBF0 value: E9 1A 14 C6 8D |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 3700005 value: E9 8B 8A 75 72 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 75E58A90 value: E9 7A 75 8A 8D |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 3710005 value: E9 2B 02 77 72 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 75E80230 value: E9 DA FD 88 8D |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 3720005 value: E9 8B 2F 7D 73 |
Source: C:\Users\user\Desktop\0yGDYqDKv5.exe | Memory written: PID: 5536 base: 76EF2F90 value: E9 7A D0 82 8C |