Click to jump to signature section
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | ReversingLabs: Detection: 68% |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Virustotal: Detection: 63% | Perma Link |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B8599150 CryptStringToBinaryA,?_Random_device@std@@YAIXZ,_Query_perf_frequency,_Query_perf_counter,log,cos,sin,exp,pow,tan,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memset,CryptStringToBinaryA,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,malloc,memcpy,getenv,_flushall,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,free, | 0_2_00007FF7B8599150 |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: | Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb,, source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe |
Source: | Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BA518 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, | 0_2_00007FF7B85BA518 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B8597EC0 InternetOpenA,?_Random_device@std@@YAIXZ,_Query_perf_frequency,_Query_perf_counter,log,cos,sin,exp,pow,tan,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,InternetOpenUrlA,InternetReadFile,memcpy,memset,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,InternetCloseHandle,_invalid_parameter_noinfo_noreturn, | 0_2_00007FF7B8597EC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85A4580 | 0_2_00007FF7B85A4580 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85A0640 | 0_2_00007FF7B85A0640 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85A36E0 | 0_2_00007FF7B85A36E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B8599150 | 0_2_00007FF7B8599150 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85B5A00 | 0_2_00007FF7B85B5A00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85A59E3 | 0_2_00007FF7B85A59E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85B9A20 | 0_2_00007FF7B85B9A20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85943E0 | 0_2_00007FF7B85943E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85A73E3 | 0_2_00007FF7B85A73E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B859D3A0 | 0_2_00007FF7B859D3A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85934B0 | 0_2_00007FF7B85934B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BA518 | 0_2_00007FF7B85BA518 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B8594640 | 0_2_00007FF7B8594640 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B8597EC0 | 0_2_00007FF7B8597EC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85B3080 | 0_2_00007FF7B85B3080 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6576 -s 380 |
Source: classification engine | Classification label: mal52.winEXE@2/5@0/0 |
Source: C:\Windows\System32\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6576 |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | ReversingLabs: Detection: 68% |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Virustotal: Detection: 63% |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6576 -s 380 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: msvcp140.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: vcruntime140_1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb,, source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe |
Source: | Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BA518 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, | 0_2_00007FF7B85BA518 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.3.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.3.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.3.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.3.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.3.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.3.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.3.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.3.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.3.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.3.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.3.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.3.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.3.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.3.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.3.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.3.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.3.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.3.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.3.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BB480 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00007FF7B85BB480 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BB2A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00007FF7B85BB2A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BB480 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00007FF7B85BB480 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BB660 SetUnhandledExceptionFilter, | 0_2_00007FF7B85BB660 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe | Code function: 0_2_00007FF7B85BB6CC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, | 0_2_00007FF7B85BB6CC |
Source: Amcache.hve.3.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.3.dr | Binary or memory string: msmpeng.exe |
Source: Amcache.hve.3.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.3.dr | Binary or memory string: MsMpEng.exe |