Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00E0DBBE |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DDC2A2 FindFirstFileExW, |
0_2_00DDC2A2 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E168EE FindFirstFileW,FindClose, |
0_2_00E168EE |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_00E1698F |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00E0D076 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00E0D3A9 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00E19642 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00E1979D |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00E19B2B |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E15C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00E15C97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00266246h |
2_2_00266058 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00266BD0h |
2_2_00266058 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00268683h |
2_2_00268270 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00266F41h |
2_2_00266C81 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
2_2_00265578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 002680C1h |
2_2_00267E00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 002673A1h |
2_2_002670E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00267C61h |
2_2_002679A1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
2_2_00265BAA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00267801h |
2_2_00267540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 00268683h |
2_2_002685B2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
2_2_00265D8A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C5A31h |
2_2_006C5788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C4021h |
2_2_006C3D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CF021h |
2_2_006CED78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C3319h |
2_2_006C3070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CE31Ah |
2_2_006CE070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C7CF1h |
2_2_006C7A48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C6FE9h |
2_2_006C6D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CD5E9h |
2_2_006CD340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C89F9h |
2_2_006C8750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C48D1h |
2_2_006C4628 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CF965h |
2_2_006CF628 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C3BC9h |
2_2_006C3920 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CEBC9h |
2_2_006CE920 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C62E1h |
2_2_006C6038 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CC8E1h |
2_2_006CC638 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C55D9h |
2_2_006C5330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C6B91h |
2_2_006C68E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_006CA3E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CD191h |
2_2_006CCEE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C5E89h |
2_2_006C5BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_006CA6FE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C85A1h |
2_2_006C82F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C7899h |
2_2_006C75F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CDE99h |
2_2_006CDBF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C3771h |
2_2_006C34C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CE771h |
2_2_006CE4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C5181h |
2_2_006C4ED8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C4479h |
2_2_006C41D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CF479h |
2_2_006CF1D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C8149h |
2_2_006C7EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CC461h |
2_2_006CC1B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
2_2_006CA2B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C4D29h |
2_2_006C4A80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C7441h |
2_2_006C7198 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CDA41h |
2_2_006CD798 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006C6739h |
2_2_006C6490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 006CCD39h |
2_2_006CCA90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: checkip.dyndns.org |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
DNS query: name: reallyfreegeoip.org |
Source: RegSvcs.exe, 00000002.00000002.882370634.0000000002415000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000250E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: RegSvcs.exe, 00000002.00000002.882370634.0000000002415000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024E0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002458000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000250E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002409000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000002.00000002.882667110.0000000005865000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002371000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: New order.exe, 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000002.00000002.882667110.0000000005850000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: RegSvcs.exe, 00000002.00000002.882667110.0000000005850000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0% |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0- |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com05 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net0D |
Source: RegSvcs.exe, 00000002.00000002.882370634.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000250E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000242E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000002.00000002.882370634.0000000002371000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: RegSvcs.exe, 00000002.00000002.882370634.0000000002415000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002458000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000250E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: New order.exe, 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002415000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: RegSvcs.exe, 00000002.00000002.882370634.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002458000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.0000000002500000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.000000000250E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.882370634.00000000024D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.334 |
Source: RegSvcs.exe, 00000002.00000002.882289016.00000000007C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: New order.exe PID: 532, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: New order.exe PID: 532, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: RegSvcs.exe PID: 1756, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 1756, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DABF40 |
0_2_00DABF40 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E12046 |
0_2_00E12046 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DA8060 |
0_2_00DA8060 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E08298 |
0_2_00E08298 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DDE4FF |
0_2_00DDE4FF |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DD676B |
0_2_00DD676B |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E34873 |
0_2_00E34873 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DACAF0 |
0_2_00DACAF0 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DCCAA0 |
0_2_00DCCAA0 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DBCC39 |
0_2_00DBCC39 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DD6DD9 |
0_2_00DD6DD9 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DA91C0 |
0_2_00DA91C0 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DBB119 |
0_2_00DBB119 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC1394 |
0_2_00DC1394 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC1706 |
0_2_00DC1706 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC781B |
0_2_00DC781B |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC19B0 |
0_2_00DC19B0 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DB997D |
0_2_00DB997D |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DA7920 |
0_2_00DA7920 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC7A4A |
0_2_00DC7A4A |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC7CA7 |
0_2_00DC7CA7 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC1C77 |
0_2_00DC1C77 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DD9EEE |
0_2_00DD9EEE |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E2BE44 |
0_2_00E2BE44 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DC1F32 |
0_2_00DC1F32 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_001635F0 |
0_2_001635F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00263055 |
2_2_00263055 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00266058 |
2_2_00266058 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00263891 |
2_2_00263891 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00264130 |
2_2_00264130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00262910 |
2_2_00262910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026E1B0 |
2_2_0026E1B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00268988 |
2_2_00268988 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026DB61 |
2_2_0026DB61 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00263B70 |
2_2_00263B70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00262BF0 |
2_2_00262BF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00266C81 |
2_2_00266C81 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026CC90 |
2_2_0026CC90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026F491 |
2_2_0026F491 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00265578 |
2_2_00265578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_002635B0 |
2_2_002635B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00267E00 |
2_2_00267E00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026EE40 |
2_2_0026EE40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00263E51 |
2_2_00263E51 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026E7F9 |
2_2_0026E7F9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_002670E0 |
2_2_002670E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_002679A1 |
2_2_002679A1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026CC80 |
2_2_0026CC80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026C4F8 |
2_2_0026C4F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0026C508 |
2_2_0026C508 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00265569 |
2_2_00265569 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00267540 |
2_2_00267540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00530040 |
2_2_00530040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00530CE0 |
2_2_00530CE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00530690 |
2_2_00530690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00531328 |
2_2_00531328 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C0040 |
2_2_006C0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C8BA8 |
2_2_006C8BA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5788 |
2_2_006C5788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3D68 |
2_2_006C3D68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CA760 |
2_2_006CA760 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3060 |
2_2_006C3060 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CE062 |
2_2_006CE062 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3D78 |
2_2_006C3D78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CED78 |
2_2_006CED78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5778 |
2_2_006C5778 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3070 |
2_2_006C3070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CE070 |
2_2_006CE070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4A70 |
2_2_006C4A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7A48 |
2_2_006C7A48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C6D40 |
2_2_006C6D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CD340 |
2_2_006CD340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CB458 |
2_2_006CB458 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C8750 |
2_2_006C8750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CA750 |
2_2_006CA750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4628 |
2_2_006C4628 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CF628 |
2_2_006CF628 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CC628 |
2_2_006CC628 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C602B |
2_2_006C602B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3920 |
2_2_006C3920 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CE920 |
2_2_006CE920 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5320 |
2_2_006C5320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C6038 |
2_2_006C6038 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CC638 |
2_2_006CC638 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7A38 |
2_2_006C7A38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5330 |
2_2_006C5330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C6D30 |
2_2_006C6D30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CD330 |
2_2_006CD330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C9A18 |
2_2_006C9A18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4619 |
2_2_006C4619 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CF61A |
2_2_006CF61A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C3914 |
2_2_006C3914 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C0017 |
2_2_006C0017 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C9A10 |
2_2_006C9A10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C82EC |
2_2_006C82EC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C68E8 |
2_2_006C68E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CA3E8 |
2_2_006CA3E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CCEE8 |
2_2_006CCEE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5BE0 |
2_2_006C5BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C75E0 |
2_2_006C75E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CDBE0 |
2_2_006CDBE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C82F8 |
2_2_006C82F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C75F0 |
2_2_006C75F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CDBF0 |
2_2_006CDBF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C34C8 |
2_2_006C34C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CE4C8 |
2_2_006CE4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C41C8 |
2_2_006C41C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4EC9 |
2_2_006C4EC9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4ED8 |
2_2_006C4ED8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C68D8 |
2_2_006C68D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CCED8 |
2_2_006CCED8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C41D0 |
2_2_006C41D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CF1D0 |
2_2_006CF1D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C5BD0 |
2_2_006C5BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7EA0 |
2_2_006C7EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CC1B8 |
2_2_006CC1B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C34B8 |
2_2_006C34B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CA2B7 |
2_2_006CA2B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7188 |
2_2_006C7188 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CD789 |
2_2_006CD789 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C4A80 |
2_2_006C4A80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C6480 |
2_2_006C6480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CCA82 |
2_2_006CCA82 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7198 |
2_2_006C7198 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CD798 |
2_2_006CD798 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C6490 |
2_2_006C6490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006CCA90 |
2_2_006CCA90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_006C7E90 |
2_2_006C7E90 |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.New order.exe.600000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.New order.exe.600000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000000.00000002.354982741.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.882246076.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: New order.exe PID: 532, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: New order.exe PID: 532, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: RegSvcs.exe PID: 1756, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 1756, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Users\user\Desktop\New order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00E0DBBE |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00DDC2A2 FindFirstFileExW, |
0_2_00DDC2A2 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E168EE FindFirstFileW,FindClose, |
0_2_00E168EE |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_00E1698F |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00E0D076 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00E0D3A9 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00E19642 |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00E1979D |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00E19B2B |
Source: C:\Users\user\Desktop\New order.exe |
Code function: 0_2_00E15C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00E15C97 |