Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
0_2_00409253 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
0_2_0041C291 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0040C34D FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
0_2_0040C34D |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
0_2_00409665 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0044E879 FindFirstFileExA, |
0_2_0044E879 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
0_2_0040880C |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0040783C FindFirstFileW,FindNextFileW, |
0_2_0040783C |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_00419AF5 FindFirstFileW,FindNextFileW,FindNextFileW, |
0_2_00419AF5 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0040BB30 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
0_2_0040BB30 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_0040BD37 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
0_2_0040BD37 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_100010F1 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_10006580 FindFirstFileExA, |
0_2_10006580 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 4_2_0040AE51 FindFirstFileW,FindNextFileW, |
4_2_0040AE51 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 5_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, |
5_2_00407EF8 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 6_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, |
6_2_00407898 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://cacerts.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crt0 |
Source: powershell.exe, 0000000B.00000002.4564122070.0000000007581000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mB |
Source: powershell.exe, 0000000B.00000002.4564412746.0000000007706000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000007.00000002.4567700425.0000000006D69000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.4552699626.0000000003221000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft |
Source: powershell.exe, 00000007.00000002.4572916909.0000000007E87000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft. |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl07 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0? |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl0H |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0= |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG3.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://crl4.digicert.com/GeoTrustGlobalTLSRSA4096SHA2562022CA1.crl0 |
Source: wscript.exe, 00000003.00000002.2188017878.000000000345D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.2183776181.0000000003450000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wscript.exe, 00000003.00000003.2167892125.0000000005CFD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?378b40adf3637 |
Source: wscript.exe, 00000003.00000002.2188017878.000000000345D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.2183776181.0000000003450000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabxn |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000003.2139093397.0000000000782000.00000004.00000020.00020000.00000000.sdmp, bhvF6CA.tmp.4.dr |
String found in binary or memory: http://geoplugin.net/json.gp |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
String found in binary or memory: http://geoplugin.net/json.gp/C |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000003.2139093397.000000000076F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpRN |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000003.2139093397.0000000000782000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gplA |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000003.2139093397.000000000076F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpp |
Source: powershell.exe, 00000007.00000002.4562647784.0000000005207000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.digicert.com0Q |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.msocsp.com0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://ocsp.msocsp.com0S |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000007.00000002.4555869381.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.4555101569.0000000004C91000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: http://www.digicert.com/CPS0~ |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000003.2174423035.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000003.2174273348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.com |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000002.4555963712.0000000003810000.00000040.10000000.00040000.00000000.sdmp, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000003.2174423035.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000003.2174273348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.compData |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000000.00000002.4555963712.0000000003810000.00000040.10000000.00040000.00000000.sdmp, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000004.00000002.2197446260.0000000000193000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb |
Source: powershell.exe, 00000007.00000002.4555869381.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.4555101569.0000000004C91000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: powershell.exe, 00000007.00000002.4555869381.0000000004538000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4555869381.000000000448F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.w.org/ |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/comments/feed/ |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/feed/ |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.4555101569.0000000004DE9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/os/transportment.pfm |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver= |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.7.2 |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-content/uploads/elementor/css/post-2731.css?ver=1720763767 |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1 |
Source: powershell.exe, 00000007.00000002.4555869381.0000000004538000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4555869381.000000000448F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://asociatiatraditiimaria.ro/wp-json/ |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://config.edge.skype.com/config/v1/ODSP_Sync_Client/19.043.0304.0013?UpdateRing=Prod&OS=Win&OSV |
Source: powershell.exe, 00000007.00000002.4562647784.0000000005207000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000007.00000002.4562647784.0000000005207000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000007.00000002.4562647784.0000000005207000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c& |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com/css?family=Nunito |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-afd.azureedge.net/apc/trans.gif?0684adfa5500b3bab63593997d26215c |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-afd.azureedge.net/apc/trans.gif?79b1312614e5ac304828ba5e1fdb4fa3 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?7ae939fc98ce1346dd2e496abdba2d3b |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?9f3db9405f1b2793ad8d8de9770248e4 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?4aec53910de6415b25f2c4faf3f7e54a |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?77290711a5e44a163ac2e666ad7b53fd |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp.msedge.net/conf/v1/asgw/fpconfig.min.json |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://fp.msedge.net/conf/v2/asgw/fpconfig.min.json?monitorId=asgw |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000007.00000002.4562647784.000000000534C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4562647784.00000000051A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://gmpg.org/xfn/11 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js |
Source: powershell.exe, 00000007.00000002.4555869381.0000000004538000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa |
Source: powershell.exe, 00000007.00000002.4555869381.00000000042F9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa/wp-admin/oserve/transportment.pfm0 |
Source: powershell.exe, 0000000B.00000002.4555101569.0000000004DE9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://new.quranushaiqer.org.sa/wp-admin/oserve/transportment.pfml |
Source: powershell.exe, 00000007.00000002.4562647784.0000000005207000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-30-24/PreSignInSettingsConfig.json?One |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-40-12/PreSignInSettingsConfig.json |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=14d1c105224b3e736c3c |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/741e3e8c607c445262f3add0e58b18f19e0502af.xml?OneDriveUpdate=7fe112 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-3a99f64809c6780df035.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ac5cfbeadfd63fc27ffd.chunk.v7.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.2ce72562ad7c0ae7059c.chunk.v7.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-ba2888a24179bf152f3d.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.169ce481376dceef3ef6.chunk.v7.c |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7.j |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2 |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, 00000006.00000002.2174707883.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: bhvF6CA.tmp.4.dr |
String found in binary or memory: https://www.office.com/ |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 0_2_004168C1 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, |
0_2_004168C1 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 4_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
4_2_0040987A |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 4_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
4_2_004098E2 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 5_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
5_2_00406DFC |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 5_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
5_2_00406E9F |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 6_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
6_2_004068B5 |
Source: C:\Users\user\Desktop\17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe |
Code function: 6_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
6_2_004072B5 |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, type: SAMPLE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, type: SAMPLE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe, type: SAMPLE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: amsi32_2064.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: amsi32_5644.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: 0.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 4.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 4.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 5.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 5.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 6.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 6.0.17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000000.00000000.2093024228.0000000000459000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000000.00000002.4543603879.0000000000459000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000005.00000000.2171694344.0000000000459000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000004.00000000.2170895717.0000000000459000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000006.00000000.2172358054.0000000000459000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe PID: 4368, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe PID: 3744, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe PID: 3792, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: 17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe PID: 3504, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: powershell.exe PID: 2064, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 5644, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |