Source: GamePall.exe, 00000015.00000002.3813403329.0000000002501000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.install-stat.debug.world/clients/activity |
Source: GamePall.exe, 00000013.00000002.3814333984.0000000003151000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.install-stat.debug.world/clients/activity8 |
Source: GamePall.exe, 00000015.00000002.3813403329.0000000002501000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.install-stat.debug.world/clients/installs |
Source: GamePall.exe, 00000015.00000002.3813403329.0000000002501000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://bageyou.xyz |
Source: GamePall.exe, 0000000C.00000002.4120205235.0000000002D07000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://bageyou.xyz/c/g |
Source: GamePall.exe, 0000000C.00000002.4120205235.0000000002D07000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://bageyou.xyz/c/g4 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2115963975.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/1352358 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/275944 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/378067 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/437891. |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/456214 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/510270 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/642141 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/672186). |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/819404 |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: http://crbug.com/957772 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: explorer.exe, 00000002.00000000.2113028471.0000000000F13000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.v |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2115963975.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0= |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2115963975.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: log4net.xml.11.dr |
String found in binary or memory: http://logging.apache.org/log4j |
Source: GamePall.exe, 00000016.00000002.3844221920.0000000004E92000.00000002.00000001.01000000.00000011.sdmp, log4net.xml.11.dr |
String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog |
Source: log4net.xml.11.dr |
String found in binary or memory: http://logging.apache.org/log4net/schemas/log4net-events-1.2> |
Source: 7719.exe, 7719.exe, 00000008.00000002.3874005916.000000000040A000.00000004.00000001.01000000.00000007.sdmp, 7719.exe, 00000008.00000000.2523574701.000000000040A000.00000008.00000001.01000000.00000007.sdmp, setup.exe, 0000000B.00000002.3864436780.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, setup.exe, 0000000B.00000000.3366645637.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, setup.exe, 0000000B.00000003.3686521042.00000000007BC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: 7719.exe, 00000008.00000002.3874005916.000000000040A000.00000004.00000001.01000000.00000007.sdmp, 7719.exe, 00000008.00000000.2523574701.000000000040A000.00000008.00000001.01000000.00000007.sdmp, setup.exe, 0000000B.00000002.3864436780.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, setup.exe, 0000000B.00000000.3366645637.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, setup.exe, 0000000B.00000003.3686521042.00000000007BC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2115963975.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://ocsp.digicert.com0K |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://ocsp.digicert.com0N |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: explorer.exe, 00000002.00000000.2115963975.00000000099C0000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: explorer.exe, 00000002.00000000.2115543053.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2115565652.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2115142712.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp |
String found in binary or memory: http://schemas.micro |
Source: GamePall.exe, 0000000C.00000002.4120205235.0000000002FF5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: GamePall.exe, 00000016.00000002.3844221920.0000000004E92000.00000002.00000001.01000000.00000011.sdmp |
String found in binary or memory: http://www.apache.org/). |
Source: GamePall.exe, 00000016.00000002.3844221920.0000000004E92000.00000002.00000001.01000000.00000011.sdmp |
String found in binary or memory: http://www.apache.org/licenses/ |
Source: GamePall.exe, 00000016.00000002.3844221920.0000000004E92000.00000002.00000001.01000000.00000011.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: explorer.exe, 00000002.00000000.2118423388.000000000C81C000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.autoitscript.com/autoit3/J |
Source: log4net.xml.11.dr |
String found in binary or memory: http://www.connectionstrings.com/ |
Source: log4net.xml.11.dr |
String found in binary or memory: http://www.faqs.org/rfcs/rfc3164.html. |
Source: log4net.xml.11.dr |
String found in binary or memory: http://www.iana.org/assignments/multicast-addresses |
Source: GamePall.exe, 00000013.00000002.4085407935.0000000006BFF000.00000002.00000001.00040000.0000001A.sdmp |
String found in binary or memory: http://www.unicode.org/copyright.html |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: 53FF.exe, 00000005.00000003.2486747696.0000000003650000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: 7719.exe, 00000008.00000002.3876675879.000000000085E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://xiexie.wf/22_551/huge.dat |
Source: 7719.exe, 00000008.00000002.3874005916.0000000000434000.00000004.00000001.01000000.00000007.sdmp |
String found in binary or memory: http://xiexie.wf/22_551/huge.datmCGBZvyfGQlwd |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: explorer.exe, 00000002.00000000.2118031324.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe |
Source: explorer.exe, 00000002.00000000.2114531614.00000000076F8000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://android.notify.windows.com/iOS |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/ |
Source: explorer.exe, 00000002.00000000.2114531614.0000000007637000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: explorer.exe, 00000002.00000000.2113719983.00000000035FA000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://arc.msn.coml |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://aui-cdn.atlassian.com/ |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D7D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/ |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D7D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/1 |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, 96C7.exe, 00000009.00000002.3435692996.0000000000D7D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/fcsdcvscvc/sadcasdv/raw/62af221cbc4d137cf4e95f7d66f3ced90597b434/kupee |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.cookielaw.org/ |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: GamePall.exe, 00000013.00000002.4547043059.000000003C270000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chrome.google.com/webstore/category/extensions |
Source: GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u |
Source: GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?u |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?u |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=ukCtrl$1 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=urCtrl$2 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=viCtrl$1 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22 |
Source: GamePall.exe, 00000013.00000002.4547043059.000000003C270000.00000004.00001000.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: https://chromewebstore.google.com/ |
Source: GamePall.exe, 00000013.00000002.4547043059.000000003C270000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://chromewebstore.google.com/declarativeNetRequestWithHostAccessds=2-1719957786566967id5app.win |
Source: GamePall.exe, 00000013.00000002.4546897572.000000003C25C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://clients2.google.com/service/update2/crx |
Source: GamePall.exe, 00000013.00000002.4546897572.000000003C25C000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://clients2.google.com/service/update2/crxle |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: GamePall.exe, 00000013.00000002.4213815797.00000000072A4000.00000002.00000001.00040000.0000001D.sdmp |
String found in binary or memory: https://crbug.com/1201800 |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/; |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/ |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009B41000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://excel.office.com |
Source: 53FF.exe, 00000005.00000003.2464232974.000000000069C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2573234047.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2453795663.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2464347244.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000002.2574942485.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2464028346.0000000000672000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2540650954.0000000000704000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/ |
Source: 53FF.exe, 00000005.00000003.2464232974.000000000069C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2453795663.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2464347244.00000000006B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/-% |
Source: 53FF.exe, 00000005.00000003.2573234047.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000002.2574942485.000000000071C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/D |
Source: 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2540650954.0000000000704000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/O |
Source: 53FF.exe, 00000005.00000003.2464347244.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2453884126.0000000000691000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2540650954.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/api |
Source: 53FF.exe, 00000005.00000002.2574430878.000000000069C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2573425240.000000000069C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/apiP |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/apif |
Source: 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2540650954.0000000000704000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/apit |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/g |
Source: 53FF.exe, 00000005.00000003.2464232974.000000000069C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2453795663.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2464347244.00000000006B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/h |
Source: 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/m |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/op |
Source: 53FF.exe, 00000005.00000002.2574819824.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2572799429.0000000000704000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2540650954.0000000000704000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/pi |
Source: 53FF.exe, 00000005.00000003.2540650954.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2516350013.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2573234047.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000002.2574942485.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2529482964.000000000071C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/q |
Source: 53FF.exe, 00000005.00000003.2516350013.000000000071C000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2498697771.0000000000719000.00000004.00000020.00020000.00000000.sdmp, 53FF.exe, 00000005.00000003.2498890451.000000000071C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/qD |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/s |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/sN |
Source: 53FF.exe, 00000005.00000003.2516528553.0000000000700000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://foodypannyjsud.shop/t |
Source: GamePall.exe, 0000000C.00000002.4120205235.0000000003005000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.protekt2day.com/go/1c68c94b-6319-4e81-a7cf-3041c0161b9b?cost=0.180000 |
Source: GamePall.exe, 0000000C.00000002.4120205235.0000000003005000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.protekt2day.com/go/1c68c94b-6319-4e81-a7cf-3041c0161b9b?cost=0.180000&visitor_id=83180631 |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://myactivity.google.com/ |
Source: explorer.exe, 00000002.00000000.2115963975.0000000009B41000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://outlook.com |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://passwords.google.com |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://passwords.google.comGoogle |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://passwords.google.comT |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://policies.google.com/ |
Source: explorer.exe, 00000002.00000000.2118031324.000000000C460000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://powerpoint.office.comcember |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.google.com/chrome/a/answer/9122284 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://support.google.com/chrome/answer/6098869 |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://support.google.com/chromebook?p=app_intent |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: GamePall.exe, 00000016.00000002.3844470978.0000000004ED6000.00000002.00000001.01000000.00000011.sdmp, GamePall.exe, 00000016.00000002.3844221920.0000000004E92000.00000002.00000001.01000000.00000011.sdmp |
String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1 |
Source: 96C7.exe, 00000009.00000002.3435692996.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website |
Source: explorer.exe, 00000002.00000000.2115963975.00000000099C0000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://wns.windows.com/)s |
Source: explorer.exe, 00000002.00000000.2115963975.00000000099C0000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://word.office.comon |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 |
Source: 53FF.exe, 00000005.00000003.2488157667.0000000000710000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html& |
Source: GamePall.exe, 00000013.00000002.4204288341.0000000006E30000.00000002.00000001.00040000.0000001C.sdmp |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT&r |
Source: setup.exe, 0000000B.00000002.3866084513.0000000002839000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlYar&d |
Source: 53FF.exe, 00000005.00000003.2465238419.0000000003668000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: 53FF.exe, 00000005.00000003.2487805179.000000000375A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: https://www.newtonsoft.com/json |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: Newtonsoft.Json.dll.11.dr |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401538 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00402FE9 RtlCreateUserThread,NtTerminateProcess, |
0_2_00402FE9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_004014DE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401496 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401543 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401565 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_00401579 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.2850.19434.exe |
Code function: 0_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
0_2_0040157C |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_00401538 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00402FE9 RtlCreateUserThread,NtTerminateProcess, |
4_2_00402FE9 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_004014DE |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_00401496 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_00401543 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_00401565 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_00401579 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 4_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
4_2_0040157C |
Source: C:\Users\user\AppData\Local\Temp\7719.exe |
Code function: 8_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, |
8_2_100010D0 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_00401538 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00402FE9 RtlCreateUserThread,NtTerminateProcess, |
10_2_00402FE9 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_004014DE |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_00401496 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_00401543 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_00401565 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_00401579 |
Source: C:\Users\user\AppData\Roaming\svgbeht |
Code function: 10_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
10_2_0040157C |
Source: 0000000A.00000002.2975757928.0000000004271000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 00000004.00000002.2417216706.000000000281B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000A.00000002.2975329617.0000000002790000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000000.00000002.2123557960.0000000004371000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 00000000.00000002.2123517246.0000000004350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 00000004.00000002.2417107422.00000000027D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000004.00000002.2417127304.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 0000000A.00000002.2975710135.0000000004250000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 00000000.00000002.2123328963.0000000002960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000A.00000002.2975486855.00000000027AF000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000004.00000002.2417303583.0000000004371000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23 |
Source: 00000000.00000002.2123406759.000000000298C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |