Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 93.4% probability |
Source: DataIndustrial.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: |
Binary string: c:\Projects\wPC_DIC_COMBO\Release\DataIndustrial.pdb source: DataIndustrial.exe |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_004513CB __EH_prolog3_GS,GetFullPathNameA,_DebugHeapAllocator,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,_DebugHeapAllocator, |
0_2_004513CB |
Source: unknown |
DNS traffic detected: query: 15.164.165.52.in-addr.arpa reply code: Name error (3) |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa |
Source: DataIndustrial.exe |
String found in binary or memory: http://google.com/ |
Source: DataIndustrial.exe |
String found in binary or memory: http://google.com/( |
Source: DataIndustrial.exe |
String found in binary or memory: http://www.badgermeter.com/Industrial.aspx |
Source: DataIndustrial.exe |
String found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx |
Source: DataIndustrial.exe |
String found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspxopenManuals |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00460D51 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent, |
0_2_00460D51 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00444DBB GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, |
0_2_00444DBB |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_0045D074 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow, |
0_2_0045D074 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 00413FC0 appears 50 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0046791C appears 51 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0044C6AB appears 46 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 004493A1 appears 33 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0046775A appears 150 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0046778D appears 42 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0042C800 appears 82 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 004041E0 appears 148 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 0044C65F appears 41 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 00403170 appears 183 times |
|
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: String function: 004436FD appears 75 times |
|
Source: DataIndustrial.exe |
Binary or memory string: OriginalFileName vs DataIndustrial.exe |
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFileName vs DataIndustrial.exe |
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe |
Source: DataIndustrial.exe, 00000000.00000002.2947549346.000000000081D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameD3D10Warp.dl vs DataIndustrial.exe |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE |
Source: classification engine |
Classification label: mal48.evad.winEXE@1/4@1/0 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_0041F780 GetLastError,_memset,FormatMessageA,_strcat, |
0_2_0041F780 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00414160 FindResourceA, |
0_2_00414160 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\128[1] |
Source: DataIndustrial.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
File read: C:\Users\user\Desktop\DataIndustrial.exe:Zone.Identifier |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: oledlg.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: ieframe.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: dataexchange.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: dcomp.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: msiso.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: mshtml.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: srpapi.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: msimtf.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: d2d1.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Section loaded: mlang.dll |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: DataIndustrial.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00426D00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,RegQueryValueExA,_strlen,RegCloseKey,FreeLibrary, |
0_2_00426D00 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00467832 push ecx; ret |
0_2_00467845 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00467961 push ecx; ret |
0_2_00467974 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00442063 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, |
0_2_00442063 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00426800 IsIconic, |
0_2_00426800 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Memory allocated: 4580000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00467C67 VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect, |
0_2_00467C67 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_0046722D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0046722D |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00467C67 VirtualProtect ?,-00000001,00000104,? |
0_2_00467C67 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_004725D3 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004725D3 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_004637E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_004637E0 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00471A57 SetUnhandledExceptionFilter, |
0_2_00471A57 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA, |
0_2_0044D8B2 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: GetLocaleInfoA, |
0_2_004752AA |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_004723B2 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
0_2_004723B2 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00470B17 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, |
0_2_00470B17 |
Source: C:\Users\user\Desktop\DataIndustrial.exe |
Code function: 0_2_00426AC0 GetVersionExA,QueryDosDeviceA,_strlen,SetLastError, |
0_2_00426AC0 |