| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h] |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [ebx], dl |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h] |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx esi, byte ptr [eax] |
4_2_004441F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_0044137E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_004413D5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp eax |
4_2_0041D5AF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, eax |
4_2_0043A97E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp dword ptr [eax+ebx*8], 7CDE1E50h |
4_2_0043A97E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h |
4_2_0043A97E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [ebx], cl |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ecx, eax |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then lea edx, dword ptr [eax-80h] |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch] |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh] |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov dword ptr [esi+04h], eax |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov dword ptr [eax+ebx], 30303030h |
4_2_00401000 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov dword ptr [eax+ebx], 20202020h |
4_2_00401000 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], B62B8D10h |
4_2_0043B170 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h] |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [ebx], dl |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h] |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edx, ecx |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp edx |
4_2_004431D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_004431D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+eax-7DC9E524h] |
4_2_004241E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp edx |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp edx |
4_2_004432C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_004432C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [eax+ebx], 00000030h |
4_2_004012D5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ecx, ebx |
4_2_00421333 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx esi, byte ptr [eax] |
4_2_00444380 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp edx |
4_2_004433B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_004433B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
4_2_0042E400 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch] |
4_2_0042F4DD |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh] |
4_2_0042F4DD |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov dword ptr [esi+04h], eax |
4_2_0042F4DD |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
4_2_0042F4DD |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ebx, eax |
4_2_0040D500 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov word ptr [ebx], ax |
4_2_0041F510 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov byte ptr [esi], cl |
4_2_0041F510 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+ecx-67BC38F0h] |
4_2_00441648 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
4_2_0043C6D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov word ptr [eax], cx |
4_2_0041C6E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+52B71DE2h] |
4_2_00441720 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_00443720 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx eax, byte ptr [esp+ebx-09A22FB6h] |
4_2_0043F7E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then add ebp, dword ptr [esp+0Ch] |
4_2_0042E870 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [edi+ebx] |
4_2_00405820 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov word ptr [eax], cx |
4_2_0041C8CE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ecx, eax |
4_2_0040E8D6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx+esi] |
4_2_0040C960 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ecx, eax |
4_2_0040E996 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp eax |
4_2_0042AA40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+1817620Ch] |
4_2_0042AA60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov word ptr [eax], cx |
4_2_0042CA72 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov word ptr [eax], cx |
4_2_0042CA72 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+2BB126CDh] |
4_2_0043FAD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edi, edx |
4_2_00421B40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp al, 2Eh |
4_2_0042AC04 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edi, esi |
4_2_0041ECDE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
4_2_00437CA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
4_2_0042DE70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov dword ptr [esp+3Ch], 595A5B84h |
4_2_00440E3A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then mov edi, dword ptr [esp+54h] |
4_2_0042CEDA |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then jmp edx |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then xor byte ptr [ecx+ebx], bl |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
4_2_00425F00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4x nop then movzx edi, word ptr [edx] |
4_2_00428F00 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_006C0040 |
0_2_006C0040 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A42140 |
0_2_00A42140 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A42758 |
0_2_00A42758 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A46910 |
0_2_00A46910 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A456B8 |
0_2_00A456B8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A45BD0 |
0_2_00A45BD0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A4274C |
0_2_00A4274C |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_00A47AA0 |
0_2_00A47AA0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0536BC24 |
0_2_0536BC24 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0536DBF0 |
0_2_0536DBF0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0536DBE0 |
0_2_0536DBE0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_060C30E0 |
0_2_060C30E0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_060CE848 |
0_2_060CE848 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_060CD010 |
0_2_060CD010 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_060C30B0 |
0_2_060C30B0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_077B3118 |
0_2_077B3118 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_077BDE38 |
0_2_077BDE38 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_077BDE27 |
0_2_077BDE27 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_078523B0 |
0_2_078523B0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785ECA3 |
0_2_0785ECA3 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785DE18 |
0_2_0785DE18 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785FB90 |
0_2_0785FB90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785DBFD |
0_2_0785DBFD |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785DC24 |
0_2_0785DC24 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0785DC2A |
0_2_0785DC2A |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801EC18 |
0_2_0801EC18 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801D42F |
0_2_0801D42F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801E050 |
0_2_0801E050 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801E8CA |
0_2_0801E8CA |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_08013E6E |
0_2_08013E6E |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801C3A7 |
0_2_0801C3A7 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080187F8 |
0_2_080187F8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801FC28 |
0_2_0801FC28 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801E034 |
0_2_0801E034 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801B0B0 |
0_2_0801B0B0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801F0CA |
0_2_0801F0CA |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801F928 |
0_2_0801F928 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_0801F938 |
0_2_0801F938 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_08012B20 |
0_2_08012B20 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A9028 |
0_2_080A9028 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080AB450 |
0_2_080AB450 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A5898 |
0_2_080A5898 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A6136 |
0_2_080A6136 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A3DC8 |
0_2_080A3DC8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0698 |
0_2_080A0698 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0006 |
0_2_080A0006 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0040 |
0_2_080A0040 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080AF470 |
0_2_080AF470 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A5888 |
0_2_080A5888 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A04E1 |
0_2_080A04E1 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A04F0 |
0_2_080A04F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A3DB8 |
0_2_080A3DB8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A4DDA |
0_2_080A4DDA |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A4DE0 |
0_2_080A4DE0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A7E22 |
0_2_080A7E22 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A7E30 |
0_2_080A7E30 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A1248 |
0_2_080A1248 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A1242 |
0_2_080A1242 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0269 |
0_2_080A0269 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0278 |
0_2_080A0278 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A0695 |
0_2_080A0695 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_080A9790 |
0_2_080A9790 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Code function: 0_2_07852385 |
0_2_07852385 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004100C5 |
4_2_004100C5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042509D |
4_2_0042509D |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00410130 |
4_2_00410130 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0043A2E0 |
4_2_0043A2E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0041D5AF |
4_2_0041D5AF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00444620 |
4_2_00444620 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042A6D0 |
4_2_0042A6D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00426800 |
4_2_00426800 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040F970 |
4_2_0040F970 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0043A97E |
4_2_0043A97E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042EB60 |
4_2_0042EB60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00401000 |
4_2_00401000 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00410118 |
4_2_00410118 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004431D0 |
4_2_004431D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004331DE |
4_2_004331DE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004291E0 |
4_2_004291E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004241E0 |
4_2_004241E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00442EB0 |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040F250 |
4_2_0040F250 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040B260 |
4_2_0040B260 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040A270 |
4_2_0040A270 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0043E230 |
4_2_0043E230 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004432C0 |
4_2_004432C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004012D5 |
4_2_004012D5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0041E298 |
4_2_0041E298 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00408340 |
4_2_00408340 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00401328 |
4_2_00401328 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042C3E0 |
4_2_0042C3E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00442380 |
4_2_00442380 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004433B0 |
4_2_004433B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042F4DD |
4_2_0042F4DD |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00429494 |
4_2_00429494 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004094BF |
4_2_004094BF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0041F510 |
4_2_0041F510 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004255A4 |
4_2_004255A4 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004335B0 |
4_2_004335B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042D642 |
4_2_0042D642 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042762D |
4_2_0042762D |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004386FE |
4_2_004386FE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004226A0 |
4_2_004226A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042762D |
4_2_0042762D |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040D760 |
4_2_0040D760 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00441720 |
4_2_00441720 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00443720 |
4_2_00443720 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040A730 |
4_2_0040A730 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00429494 |
4_2_00429494 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042B7D9 |
4_2_0042B7D9 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042B7FE |
4_2_0042B7FE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00442850 |
4_2_00442850 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0041482A |
4_2_0041482A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_004038E0 |
4_2_004038E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00439940 |
4_2_00439940 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00407960 |
4_2_00407960 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00444920 |
4_2_00444920 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00431980 |
4_2_00431980 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042AA40 |
4_2_0042AA40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042CA72 |
4_2_0042CA72 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00420A24 |
4_2_00420A24 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00421B40 |
4_2_00421B40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040DB20 |
4_2_0040DB20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00415BD8 |
4_2_00415BD8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00439BA0 |
4_2_00439BA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00414BBF |
4_2_00414BBF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00444C50 |
4_2_00444C50 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00434C60 |
4_2_00434C60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042AC04 |
4_2_0042AC04 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0043EC20 |
4_2_0043EC20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040ECC0 |
4_2_0040ECC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00427CD2 |
4_2_00427CD2 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0041ECDE |
4_2_0041ECDE |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040BD70 |
4_2_0040BD70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00429D00 |
4_2_00429D00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0040ADD0 |
4_2_0040ADD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00432D80 |
4_2_00432D80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00408DA0 |
4_2_00408DA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00422E50 |
4_2_00422E50 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00416E10 |
4_2_00416E10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_0042BE10 |
4_2_0042BE10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00442EB0 |
4_2_00442EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00406F60 |
4_2_00406F60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00428F00 |
4_2_00428F00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00408DA0 |
4_2_00408DA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00426F82 |
4_2_00426F82 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00434F80 |
4_2_00434F80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00441F80 |
4_2_00441F80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00409F9C |
4_2_00409F9C |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00404FA0 |
4_2_00404FA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Code function: 4_2_00409FA8 |
4_2_00409FA8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: dwrite.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: webio.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32281802128991695s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -35000s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34890s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34781s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34671s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34562s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34452s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34343s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34234s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34124s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -34015s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33906s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33771s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33625s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33422s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33271s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33140s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -33031s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32921s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32812s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32703s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32593s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32484s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32375s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32265s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32155s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -32046s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31937s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31828s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31718s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31606s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31484s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31375s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31264s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31156s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -31046s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30937s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30828s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30718s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30609s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30500s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30390s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30281s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30171s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe TID: 1264 |
Thread sleep time: -30062s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 4712 |
Thread sleep time: -90000s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 35000 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34890 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34781 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34671 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34562 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34452 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34343 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34234 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34124 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 34015 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33906 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33771 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33625 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33422 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33271 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33140 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 33031 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32921 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32812 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32703 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32593 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32484 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32375 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32265 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32155 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 32046 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31937 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31828 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31718 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31606 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31484 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31375 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31264 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31156 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 31046 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30937 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30828 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30718 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30609 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30500 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30390 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30281 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30171 |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Lumma.749.31391.1681.exe |
Thread delayed: delay time: 30062 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\EFOYFBOLXA |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\EFOYFBOLXA |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\GRXZDKKVDB |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\GRXZDKKVDB |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\HMPPSXQPQV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\HMPPSXQPQV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NVWZAPQSQL |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NVWZAPQSQL |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\UNKRLCVOHV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\UNKRLCVOHV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NVWZAPQSQL |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NVWZAPQSQL |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\EOWRVPQCCS |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\EOWRVPQCCS |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\GRXZDKKVDB |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\GRXZDKKVDB |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\HMPPSXQPQV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\HMPPSXQPQV |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NYMMPCEIMA |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe |
Directory queried: C:\Users\user\Documents\NYMMPCEIMA |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet