Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041A4F0 GetProfilesDirectoryW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProfilesDirectoryW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,FindNextFileW,FindClose,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_0041A4F0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0040E5B0 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetSystemDirectoryW,lstrcatW,FindFirstFileW,StrRChrW,FindNextFileW,FindFirstFileW,FindClose,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_0040E5B0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00419C40 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProfilesDirectoryW,wsprintfW,FindFirstFileW,StrCpyW,StrCatW,wsprintfW,FindNextFileW,FindClose,ExpandEnvironmentStringsW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_00419C40 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00403590 lstrlenW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,lstrcpyW,lstrcatW,lstrcpyW,lstrcatW,FindFirstFileW,lstrlenW,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,lstrcpyW,lstrcatW,lstrcatW,RemoveDirectoryW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, | 0_2_00403590 |
Source: unknown | DNS traffic detected: queries for: pin.kmsconsultantsllc.com |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794851528.0000000002943000.00000004.sdmp | String found in binary or memory: https://pin.kmsconsultantsllc.com:80/rpersist4/1958300021 |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.792580964.000000000207C000.00000004.sdmp | String found in binary or memory: https://pixmania.biz:80/ |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794804211.000000000291C000.00000004.sdmp, 8UT1RfjZ0z.exe, 00000000.00000002.794851528.0000000002943000.00000004.sdmp | String found in binary or memory: https://pixmania.biz:80/rpersist4/1958300021 |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794784118.0000000002910000.00000004.sdmp | String found in binary or memory: https://pizzza-la.com:80/ |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794804211.000000000291C000.00000004.sdmp, 8UT1RfjZ0z.exe, 00000000.00000002.794851528.0000000002943000.00000004.sdmp | String found in binary or memory: https://pizzza-la.com:80/rbody320 |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.792580964.000000000207C000.00000004.sdmp | String found in binary or memory: https://stormsfronts.com:80/ |
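The rows above carry the sample's network indicators in two forms: a DNS query actually observed, and URL strings recovered from memory. The script below, added here as an example and not part of the report or the sample, pulls both out of rows in this format, normalises each URL to host, port and path, marks which hosts the sandbox actually saw resolved, and flags the scheme/port combination these strings show (an https scheme with an explicit :80). The input rows are copied from the report with the long memory-dump source field trimmed; nothing is fetched.

```python
"""Extract and normalise network IOCs from sandbox report rows.

Added example; the rows are constructed from the report above (source
field trimmed) and serve only as offline input.
"""
import re
from urllib.parse import urlsplit

# Constructed input: the network rows above, with the dump identifiers trimmed.
REPORT_ROWS = """
Source: unknown | DNS traffic detected: queries for: pin.kmsconsultantsllc.com |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://pin.kmsconsultantsllc.com:80/rpersist4/1958300021 |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://pixmania.biz:80/ |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://pixmania.biz:80/rpersist4/1958300021 |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://pizzza-la.com:80/ |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://pizzza-la.com:80/rbody320 |
Source: 8UT1RfjZ0z.exe, ...sdmp | String found in binary or memory: https://stormsfronts.com:80/ |
""".strip().splitlines()

URL_RE = re.compile(r"String found in binary or memory: (\S+)")
DNS_RE = re.compile(r"DNS traffic detected: queries for: (\S+)")


def extract(rows):
    """Return (list of URL strings, set of hosts the sandbox saw queried)."""
    urls, dns_hosts = [], set()
    for row in rows:
        if m := DNS_RE.search(row):
            dns_hosts.add(m.group(1))
        if m := URL_RE.search(row):
            urls.append(m.group(1))
    return urls, dns_hosts


def normalise(url):
    """Split a URL into host/port/path and flag a port that does not match
    the scheme's default (these strings pair https with :80)."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    return {
        "host": p.hostname,
        "port": p.port if p.port is not None else default,
        "path": p.path or "/",
        "scheme_port_mismatch": p.port is not None and p.port != default,
    }


def summarise(rows):
    """Deduplicated list of normalised URLs, each marked with whether the
    sandbox actually observed a DNS query for its host."""
    urls, dns_hosts = extract(rows)
    seen, out = set(), []
    for url in urls:
        n = normalise(url)
        key = (n["host"], n["port"], n["path"])
        if key in seen:
            continue
        seen.add(key)
        n["resolved_in_sandbox"] = n["host"] in dns_hosts
        out.append(n)
    return out


if __name__ == "__main__":
    for entry in summarise(REPORT_ROWS):
        print(entry)
```

The host names are the reliable indicator here; the report shows the strings as stored, not a TLS handshake to port 80, so confirm the actual port and protocol in the pcap before turning the port into a rule. Only the first host was seen in DNS during this run, which is consistent with the long sleeps later in the report cutting the run short before the others were tried.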
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetModuleHandleA,GetProcAddress,GlobalMemoryStatusEx,GetNativeSystemInfo,GetSystemInfo,RegOpenKeyW,RegQueryValueExW,StrStrIW,Sleep,RegCloseKey,Sleep, | 0_2_0040DD20 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Memory allocated: 76EC0000 page execute and read and write | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Memory allocated: 76DC0000 page execute and read and write | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00415620 LoadLibraryA,GetProcAddress,NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,VirtualFree,VirtualFree, | 0_2_00415620 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00408EC0 OpenProcess,ProcessIdToSessionId,OpenProcessToken,DuplicateTokenEx,SetTokenInformation,AllocateAndInitializeSid,GetLengthSid,SetTokenInformation,FreeSid,SetTokenInformation,CreateEnvironmentBlock,CreateProcessAsUserW,OpenProcessToken,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,CloseHandle,CloseHandle, | 0_2_00408EC0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041AF10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx, | 0_2_0041AF10 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Mutant created: \Sessions\1\BaseNamedObjects\ServiceEntryPointThread |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00404E60 | 0_2_00404E60 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041A4F0 | 0_2_0041A4F0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0040EB00 | 0_2_0040EB00 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00415FE0 | 0_2_00415FE0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00408EC0 | 0_2_00408EC0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_004106C0 | 0_2_004106C0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_004124A0 | 0_2_004124A0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_004099B0 | 0_2_004099B0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_004334C7 | 0_2_004334C7 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00433D6E | 0_2_00433D6E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0043417A | 0_2_0043417A |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0043399A | 0_2_0043399A |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0043459A | 0_2_0043459A |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0042D1A2 | 0_2_0042D1A2 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_004334C7 | 0_1_004334C7 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0042D1A2 | 0_1_0042D1A2 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00430BAF | 0_1_00430BAF |
Source: 8UT1RfjZ0z.exe | Static PE information: Resource name: RT_ICON type: ump; GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | File read: C:\Windows\System32\drivers\etc\hosts | Jump to behavior |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.796382376.0000000003880000.00000008.sdmp | Binary or memory string: OriginalFilenameKernelbasej% vs 8UT1RfjZ0z.exe |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | File read: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Jump to behavior |
Source: classification engine | Classification label: mal84.bank.evad.winEXE@1/1@219/4 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_004047B0 LookupPrivilegeValueA,AdjustTokenPrivileges,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle, | 0_2_004047B0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0040D500 CoInitialize,CoCreateInstance,StrStrIW,StrStrIW,StrStrIW,StrCpyNW,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoUninitialize, | 0_2_0040D500 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | File created: C:\Users\user\Desktop\8UT1RfjZ0z.inf | Jump to behavior |
Source: 8UT1RfjZ0z.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: 8UT1RfjZ0z.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: 8UT1RfjZ0z.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: 8UT1RfjZ0z.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: 8UT1RfjZ0z.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: 8UT1RfjZ0z.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041B060 LoadLibraryA,GetProcAddress,SystemFunction036, | 0_2_0041B060 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041FC3A push 00000002h; iretd | 0_2_0041FC68 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00420ACE push esp; ret | 0_2_00420AD0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041F08E push 65582770h; iretd | 0_2_0041F0B8 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041FB57 push 00000041h; iretd | 0_2_0041FB59 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0041F3E2 push edi; retf | 0_2_0041F3E3 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0040203D push eax; ret | 0_1_00402072 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0040714A push eax; ret | 0_1_004071D9 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00401D4F push eax; iretd | 0_1_00401D7E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00429509 push ecx; ret | 0_1_0042951C |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0040710D push eax; retf | 0_1_0040710E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00401D1E push eax; iretd | 0_1_00401D7E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0040D31B push eax; retf | 0_1_0040D354 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00405FDF push eax; retf | 0_1_00405FF0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0040339F push esp; retf | 0_1_004033A0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_002302B2 RtlExitUserThread,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, | 0_2_002302B2 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Function Chain: GetComputerName, String check: SANDBOX |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Function Chain: GetUserName, String check: CurrentUser |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Function Chain: Key Value Queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System SystemBiosVersion String check: AMI |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Function Chain: Key Value Queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System VideoBiosVersion String check: VirtualBox |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Function Chain: Key Value Queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 ProcessorNameString String check: Xeon |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetModuleHandleA,GetModuleHandleA,GetUserNameA,lstrcmpA,lstrcmpA,GetComputerNameA,lstrcmpA,lstrcmpA,StrStrA,StrStrA,StrStrA,StrStrA,StrStrA, | 0_2_00404E60 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: EntryPoint,SetErrorMode,SetErrorMode,LoadLibraryA,GetProcAddress,GetCommandLineW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,StrStrIW,ExitProcess,StrStrIW,GetCurrentProcess,GetVersion,GetProcessHeap,HeapFree,ExitProcess,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExitProcess,CreateThread,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,Sleep, | 0_2_00415FE0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00404B80 PathFindFileNameW, | 0_2_00404B80 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Evasive API call chain: CreateMutex,DecisionNodes,Sleep | graph_0-11752 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Module handle queried: sbiedll.dll | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion | Jump to behavior |
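The rows above name the host artefacts this sample compares against before it does anything interesting: the computer name against SANDBOX, the user name against CurrentUser, SystemBiosVersion against AMI, VideoBiosVersion against VirtualBox, ProcessorNameString against Xeon, and a GetModuleHandle lookup for sbiedll.dll (Sandboxie). The script below is an added example, not the sample's code and not the sandbox's, for testing whether an analysis VM would trip those same checks: it reads the same values on a Windows host and applies the comparisons. The report names only the APIs and the strings, so case-insensitive substring matching is an assumption (the 0_2_00404E60 row shows both lstrcmpA and StrStrA in use); the memory and CPU-count thresholds behind GlobalMemoryStatusEx and GetNativeSystemInfo are not in the report and are left out.

```python
"""Emulate the host-fingerprint checks the report attributes to the sample,
so an analysis VM can be tested against them before detonation.

Added example, not the sample's own code. Comparison semantics are assumed
(case-insensitive substring); the strings and value names come from the report.
"""
import ctypes
import os
import sys

# (registry path under HKLM, value name, substring the sandbox saw compared)
REGISTRY_CHECKS = [
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion", "AMI"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion", "VirtualBox"),
    (r"HARDWARE\DESCRIPTION\System\CentralProcessor\0", "ProcessorNameString", "Xeon"),
]


def collect_host_facts():
    """Read the same artefacts on the current host. Registry and module checks
    only run on Windows; elsewhere they are reported as absent."""
    facts = {
        "ComputerName": os.environ.get("COMPUTERNAME"),
        "UserName": os.environ.get("USERNAME"),
        "sbiedll_loaded": False,
    }
    if sys.platform == "win32":
        import winreg
        for path, name, _ in REGISTRY_CHECKS:
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                    value, _ = winreg.QueryValueEx(key, name)
            except OSError:
                value = None
            facts[name] = value
        # GetModuleHandleW is non-NULL only if the DLL is already mapped into
        # this process, which is how Sandboxie injects itself into sandboxed code.
        facts["sbiedll_loaded"] = bool(
            ctypes.windll.kernel32.GetModuleHandleW("sbiedll.dll"))
    return facts


def _contains(value, needle):
    """Case-insensitive substring test; REG_MULTI_SZ values arrive as lists."""
    if value is None:
        return False
    if isinstance(value, (list, tuple)):
        value = " ".join(str(v) for v in value)
    return needle.lower() in str(value).lower()


def evaluate(facts):
    """Return the names of the checks that would fire on these facts."""
    fired = []
    if _contains(facts.get("ComputerName"), "SANDBOX"):
        fired.append("ComputerName contains SANDBOX")
    if _contains(facts.get("UserName"), "CurrentUser"):
        fired.append("UserName contains CurrentUser")
    for _, name, needle in REGISTRY_CHECKS:
        if _contains(facts.get(name), needle):
            fired.append(f"{name} contains {needle}")
    if facts.get("sbiedll_loaded"):
        fired.append("sbiedll.dll present in process")
    return fired


if __name__ == "__main__":
    hits = evaluate(collect_host_facts())
    print("would trip:", hits if hits else "nothing")
```

Run it inside the VM you detonate in; every line it prints is a string to change (rename the machine and user, patch the SMBIOS strings VirtualBox exposes) before the sample's own sleep loop, visible in the thread-delay rows below, makes the run too short to see anything anyway.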
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 539485 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 539485 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 494360 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 517719 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 494360 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 262154 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 517719 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 402700 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 539485 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 624507 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 623390 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 473701 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 413504 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 423282 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 304937 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 183540 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 576643 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Window / User API: threadDelayed 2107 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Evasive API call chain: RegOpenKey,DecisionNodes,Sleep | graph_0-12024 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_0-12328 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4048 | Thread sleep time: -70000s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -600000s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4044 | Thread sleep count: 2107 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4044 | Thread sleep time: -126420000s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -539485s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4032 | Thread sleep time: -539485s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -494360s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -517719s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4032 | Thread sleep time: -1483080s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -262154s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4032 | Thread sleep time: -1035438s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -153377s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -402700s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4032 | Thread sleep time: -539485s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -624507s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -623390s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -473701s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -413504s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -70495s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -423282s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4032 | Thread sleep time: -153377s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -304937s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -183540s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -576643s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4036 | Thread sleep time: -170182s >= -60000s | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe TID: 4012 | Thread sleep time: -922337203685477s >= -60000s | Jump to behavior |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794851528.0000000002943000.00000004.sdmp, 8UT1RfjZ0z.inf.0.dr | Binary or memory string: [yaimujrpziogbwqemuywxocvawnpyymgcrbqpypanqhkiobylfhya] |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.794851528.0000000002943000.00000004.sdmp, 8UT1RfjZ0z.inf.0.dr | Binary or memory string: RunPreSetupCommands = yaimujrpziogbwqemuywxocvawnpyymgcrbqpypanqhkiobylfhya:2 |
Source: 8UT1RfjZ0z.inf.0.dr | Binary or memory string: RunPreSetupCommands = cileucmtoslylervmcixdihqdytfsevseapytofvj:2 |
Source: 8UT1RfjZ0z.inf.0.dr | Binary or memory string: [cileucmtoslylervmcixdihqdytfsevseapytofvj] |
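The four rows above are the only view the report gives of the dropped 8UT1RfjZ0z.inf: a section header and a RunPreSetupCommands key pointing at that section with a numeric suffix, the form advpack-style INF installers use to run commands before the install proper. The parser below is an added example, not the sample's INF and not the sandbox's tooling: it reads an INF of that shape and resolves each RunPreSetupCommands entry to the section it names, the flag after the colon, and that section's command lines. The [Version] and [DefaultInstall] scaffolding in the sample text is assumed standard INF structure not shown in the report, and the command line inside the named section is a constructed placeholder, because the report does not show the real one.

```python
"""Resolve RunPreSetupCommands chains in an advpack-style INF.

Added example. Only the section name and the RunPreSetupCommands line are
taken from the report; everything else in SAMPLE_INF is constructed.
"""

# Constructed INF text modelled on the report rows. [Version] and
# [DefaultInstall] are assumed scaffolding; the command is a placeholder.
SAMPLE_INF = r"""
[Version]
Signature=$Chicago$

[DefaultInstall]
RunPreSetupCommands = yaimujrpziogbwqemuywxocvawnpyymgcrbqpypanqhkiobylfhya:2

[yaimujrpziogbwqemuywxocvawnpyymgcrbqpypanqhkiobylfhya]
; constructed placeholder: the report does not show the real command line
cmd.exe /c echo placeholder
"""


def parse_inf(text):
    """Minimal INF reader: {section name: [raw non-comment lines]}.

    Lines are kept raw because command sections hold whole command lines,
    which may themselves contain '=' and would be mangled by an INI parser.
    Only whole-line ';' comments are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def key_values(lines):
    """Yield (key, value) for the 'key = value' lines of a section."""
    for line in lines:
        key, sep, value = line.partition("=")
        if sep:
            yield key.strip(), value.strip()


def resolve_presetup(sections):
    """For each RunPreSetupCommands entry return
    (install section, target section, flag string or None, command lines)."""
    chains = []
    for name, lines in sections.items():
        for key, value in key_values(lines):
            if key.lower() != "runpresetupcommands":
                continue
            target, _, flags = value.partition(":")
            target = target.strip()
            chains.append((name, target, flags.strip() or None,
                           list(sections.get(target, []))))
    return chains


if __name__ == "__main__":
    for install, target, flags, cmds in resolve_presetup(parse_inf(SAMPLE_INF)):
        print(f"[{install}] -> [{target}] flags={flags}")
        for cmd in cmds:
            print("   ", cmd)
```

When you recover the real .inf from the sandbox's dropped-files list, feed it to parse_inf and look at the resolved command lines rather than the install section: the randomised section name is there to make the INF look inert, and the commands are what actually run. An INF with RunPreSetupCommands written beside a user-profile executable, as here, is also a reasonable thing to hunt for on endpoints.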
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | API call chain: ExitProcess graph end node | graph_0-11776 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Process information queried: ProcessInformation | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0042DBBB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_0042DBBB |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_002304C1 mov eax, dword ptr fs:[00000030h] | 0_2_002304C1 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00406E70 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, | 0_2_00406E70 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0042DE56 SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0042DE56 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_00429943 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_1_00429943 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_1_0042DBBB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_1_0042DBBB |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00411960 _chkstk,RegGetKeySecurity,InitializeSecurityDescriptor,GetSecurityDescriptorDacl,GetAclInformation,LocalAlloc,InitializeAcl,LocalFree,GetAce,LocalFree,AddAce,LocalFree,SetSecurityDescriptorDacl,LocalFree,RegSetKeySecurity,LocalFree,LocalFree, | 0_2_00411960 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00403450 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetFileSecurityW,FreeSid,LocalFree,LocalFree, | 0_2_00403450 |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.791686687.0000000000990000.00000002.sdmp | Binary or memory string: Program Manager |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.791686687.0000000000990000.00000002.sdmp | Binary or memory string: Shell_TrayWnd |
Source: 8UT1RfjZ0z.exe, 00000000.00000002.791686687.0000000000990000.00000002.sdmp | Binary or memory string: Progman |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_2_0043182C |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: _GetPrimaryLen,EnumSystemLocalesA, | 0_2_00431CD2 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: EnumSystemLocalesA, | 0_2_00431CD1 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLastError,__alloca_probe_16,WideCharToMultiByte,GetLocaleInfoA, | 0_2_0042E6DE |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: EnumSystemLocalesA, | 0_2_00431CA7 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: _TranslateName,_TranslateName,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale, | 0_2_00431D72 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_2_0043190E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: _GetPrimaryLen,EnumSystemLocalesA, | 0_2_00431D37 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: EnumSystemLocalesA, | 0_2_00431D36 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_2_00431BE6 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_2_004353EC |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA,_GetPrimaryLen, | 0_2_004319A4 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_1_0043182C |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar, | 0_1_0042E568 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_1_0043190E |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA,_GetPrimaryLen,_strlen, | 0_1_004319A4 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen, | 0_1_00431A16 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA, | 0_1_0042E6DE |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_1_00431BE6 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: GetLocaleInfoA, | 0_1_004353EC |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00435635 cpuid | 0_2_00435635 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00403130 GetSystemTime,SystemTimeToFileTime,SystemTimeToFileTime,SystemTimeToFileTime,CreateFileW,GetFileTime,SystemTimeToFileTime,SystemTimeToFileTime,SystemTimeToFileTime,CloseHandle,GetProcessHeap,HeapFree, | 0_2_00403130 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0043581C GetTimeZoneInformation, | 0_2_0043581C |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_00410AA0 GetModuleHandleW,GetVersion,GetCurrentProcessId,CreateEventW,GetLastError,GetProcessHeap,HeapAlloc,GetComputerNameW,lstrcpyW, | 0_2_00410AA0 |
Source: C:\Users\user\Desktop\8UT1RfjZ0z.exe | Code function: 0_2_0040DBB0 WSAStartup,socket,GetCurrentProcessId,inet_addr,htons,bind,closesocket, | 0_2_0040DBB0 |