Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://192.168.86.1/download.html |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://192.168.86.1/download.htmlHost192.168.86.1Content-Typemultipart/form-data; |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtdurn:oasis:names:tc:entity:xmlns:x |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://www.xmlspy.com) |
Source: classification engine |
Classification label: clean10.evad.winEXE@1/0@0/1 |
Source: Yara match |
File source: MP_TLK4EE_M_01G_Rev_E.exe, type: SAMPLE |
Source: Yara match |
File source: 00000000.00000000.1320318006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Automated click: Continue (40 identical entries collapsed into one) |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static file information: File size 2429952 > 1048576 |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x106200 |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x118600 |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Window / User API: foregroundWindowGot 536 |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Window / User API: foregroundWindowGot 496 |
Source: MP_TLK4EE_M_01G_Rev_E.exe, 00000000.00000002.2587860474.000000000092F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP- |
Source: MP_TLK4EE_M_01G_Rev_E.exe, 00000000.00000002.2587860474.0000000000960000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW/g |
Source: MP_TLK4EE_M_01G_Rev_E.exe, 00000000.00000002.2587860474.0000000000960000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
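Reports in this "Source: ... | detail ... |" format are easier to triage mechanically than by eye. The Python below is an added example and not tooling from the report's vendor: it parses a constructed excerpt of the lines above, pairs each detail with the "Source:" line before it, drops the "Jump to behavior" link residue, collapses repeated DLL loads, pulls the host out of every URL string and marks private-range hosts (192.168.86.1 next to a multipart/form-data upload string points at a LAN device rather than a public endpoint), maps loaded DLLs to coarse capabilities with an assumed mapping, counts automated clicks, and flags VM-related memory strings such as the Hyper-V ones. The classification-label parser assumes the vendor's verdict+score.tags.type@ layout. A flagged "Hyper-V" string in a later memory snapshot may simply be OS data the process read, so treat that flag as a prompt to inspect, not as proof of evasion.

```python
import ipaddress
import re

URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
VM_MARKERS = re.compile(r"hyper-v|vmware|virtualbox|vbox|qemu", re.IGNORECASE)
LABEL = re.compile(r"^([a-z]+)(\d+)\.([^@]+)@")
CAPABILITY_DLLS = {  # assumed coarse mapping; not something the report states
    "network": {"wininet.dll", "winhttp.dll", "wsock32.dll", "ws2_32.dll", "dnsapi.dll", "urlmon.dll"},
    "session-enumeration": {"wtsapi32.dll", "winsta.dll"},
}

# Constructed excerpt of the report above (same line format, a subset of its entries).
SAMPLE_REPORT = r"""
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://192.168.86.1/download.html |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://192.168.86.1/download.htmlHost192.168.86.1Content-Typemultipart/form-data; |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd |
Source: MP_TLK4EE_M_01G_Rev_E.exe |
String found in binary or memory: http://www.xmlspy.com) |
Source: classification engine |
Classification label: clean10.evad.winEXE@1/0@0/1 |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Jump to behavior |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Automated click: Continue |
Source: C:\Users\user\Desktop\MP_TLK4EE_M_01G_Rev_E.exe |
Automated click: Continue |
Source: MP_TLK4EE_M_01G_Rev_E.exe, 00000000.00000002.2587860474.0000000000960000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
"""


def parse_report(text):
    """Pair each detail line with the preceding 'Source:' line; drop link residue."""
    entries, source = [], None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if not line or line == "Jump to behavior":
            continue
        if line.startswith("Source: "):
            source = line[len("Source: "):]
            continue
        kind, _, value = line.partition(": ")
        entries.append((source, kind, value))
    return entries


def is_private_host(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an address literal


def parse_label(label):
    """Split a '<verdict><score>.<tags>.<type>@...' label (assumed vendor layout)."""
    m = LABEL.match(label)
    if not m:
        return None
    parts = m.group(3).split(".")
    return m.group(1), int(m.group(2)), parts[:-1]


def summarize(entries):
    s = {"hosts": {}, "private_hosts": set(), "dlls": [], "registry_keys": [],
         "vm_strings": [], "automated_clicks": 0, "classification": None}
    for source, kind, value in entries:
        if kind == "String found in binary or memory":
            for host in URL_HOST.findall(value):
                s["hosts"].setdefault(host, []).append(value)
                if is_private_host(host):
                    s["private_hosts"].add(host)
        elif kind == "Section loaded":
            if value not in s["dlls"]:  # collapse repeated loads, keep first-seen order
                s["dlls"].append(value)
        elif kind in ("Key opened", "Key value queried"):
            s["registry_keys"].append(value)
        elif kind == "Binary or memory string" and VM_MARKERS.search(value):
            s["vm_strings"].append((source, value))
        elif kind == "Automated click":
            s["automated_clicks"] += 1
        elif kind == "Classification label":
            s["classification"] = value
    s["capabilities"] = {cap for cap, dlls in CAPABILITY_DLLS.items() if dlls & set(s["dlls"])}
    return s


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Feed the full report text to parse_report instead of the excerpt and the same summary falls out; the private-host set and the VM-string list are the two fields worth reading first, since they decide whether the sample needs a network-isolated rerun or a bare-metal one.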