Windows Analysis Report
OneDrive_1_25-11-2024.zip

Overview

General Information

Sample name: OneDrive_1_25-11-2024.zip
Analysis ID: 1562264
MD5: 35f5af664863b514eea4870ad0b3a493
SHA1: 8c8630bbba23d64dd1b63fe726982ea2e0fed098
SHA256: fa9e09e1cc1e240440ca21d233841eb0611bc9664bedc9e27f55fc30573dfbb1

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries keyboard layouts

Classification

Source: KRoMX2018.exe, 0000000E.00000003.2236466330.0000000003848000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.eci.org/eci/en/eciRGB.php
Source: KRoMX2018.exe, 0000000E.00000003.2236466330.0000000003848000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.eci.org/eci/en/eciRGB.phpdesc
Source: classification engine Classification label: clean0.winZIP@6/0@0/0
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe File read: C:\Windows\win.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe "C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe"
Source: unknown Process created: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe "C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe"
Source: unknown Process created: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe "C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe"
Source: unknown Process created: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe "C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe"
Source: unknown Process created: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe "C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe"
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: msdart.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: msdart.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: msdart.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: msdart.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Window found: window name: TComboBox
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe File opened: C:\Windows\SysWOW64\Msftedit.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: OneDrive_1_25-11-2024.zip Static file information: File size 53451478 > 1048576
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2011Test.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\KRoMX2018Test.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\OneDrive_1_25-11-2024\ndcnt.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: KRoMX2011.exe, 0000000A.00000003.1828962952.0000000001459000.00000004.00000020.00020000.00000000.sdmp, KRoMX2011Test.exe, 0000000B.00000003.1959107299.00000000013EF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
No contacted IP infos