| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: cloudewahsj.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: rabidcowse.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: noisycuttej.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: tirepublicerj.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: framekgirus.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: wholersorie.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: abruptyopsn.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: nearycrepso.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: fancywaxxers.shop |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: - |
| Source: 00000006.00000002.3526620683.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: BVnUqo--@youngesstt |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+esi+0Ch] | 6_2_00437120 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov eax, dword ptr [004480B0h] | 6_2_0040C2D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 385488F2h | 6_2_0043C499 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+14h] | 6_2_0040BB4E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov word ptr [eax], dx | 6_2_00418D53 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov word ptr [eax], cx | 6_2_00417F6B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_00416040 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp eax | 6_2_0041C066 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0041C07E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp eax | 6_2_0041C061 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp eax | 6_2_0041BCF8 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov eax, dword ptr [edi+0Ch] | 6_2_004022C0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edx, byte ptr [ecx+eax+69E06B08h] | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [eax], cl | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [eax], cl | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [eax], cl | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, dword ptr [ebp-18h] | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 6_2_0041E2F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edi, byte ptr [esp+esi+2Ah] | 6_2_0041E2F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00BC092Ch] | 6_2_0043E2F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then add eax, eax | 6_2_004082A0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+2BCA296Dh] | 6_2_0042C2BA |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_004152B8 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+3CA787A0h] | 6_2_0043C36F |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 088030A7h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 11A82DE9h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 11A82DE9h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 6E87DD67h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E87DD67h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 11A82DE9h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-2FE804DEh] | 6_2_0042739B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 6_2_00407400 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 6_2_00407400 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax+10h] | 6_2_0043C40A |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 6_2_00415415 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 6_2_00415415 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], cl | 6_2_0042C4DC |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0042C4DC |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0041C5DE |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], cl | 6_2_0042C59E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0042C59E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], cl | 6_2_0042C642 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0042C642 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [ecx], al | 6_2_0041C653 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 6_2_00429610 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov dword ptr [esi+08h], eax | 6_2_00419612 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp eax | 6_2_00424690 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx eax, word ptr [ecx] | 6_2_00424690 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edx, word ptr [ecx] | 6_2_00424690 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 6_2_0043B760 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov eax, dword ptr [ebp+0Ch] | 6_2_00417778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+35E89369h] | 6_2_00409720 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_00428725 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov eax, ecx | 6_2_00428725 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp word ptr [ebp+esi+02h], 0000h | 6_2_004207B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_00428824 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp dword ptr [0044478Ch] | 6_2_0041682D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ebx, eax | 6_2_004058A0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ebp, eax | 6_2_004058A0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov word ptr [eax], cx | 6_2_004218B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 6_2_00434940 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 6_2_0042A960 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then dec ebx | 6_2_00426921 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ecx, esi | 6_2_0041CA4D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov word ptr [eax], cx | 6_2_0041CA4D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov edx, ecx | 6_2_0041BA54 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax+2BCA2901h] | 6_2_00437A6B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+30h] | 6_2_00428A10 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov eax, dword ptr [ebp+0Ch] | 6_2_00417778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 385488F2h | 6_2_0043CB75 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 6_2_00429BC0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ecx, eax | 6_2_0042ABC8 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 385488F2h | 6_2_0043CB73 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+02h] | 6_2_00421BE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ecx, eax | 6_2_0042AB83 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 385488F2h | 6_2_0043CB80 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 6_2_00402BA0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ecx, eax | 6_2_0042AB36 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then jmp eax | 6_2_0041BCF8 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov ebp, eax | 6_2_00426DB3 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 6_2_00425E30 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0041BEBE |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [eax], cl | 6_2_0042AF49 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0042AF49 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+ebp+543E9DE5h] | 6_2_00408FE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 06702B10h | 6_2_0043AF80 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [eax], cl | 6_2_0042AF8C |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 4x nop then mov byte ptr [esi], al | 6_2_0042AF8C |
| Source: Loader.exe | String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: Loader.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
| Source: Loader.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: Loader.exe | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
| Source: Loader.exe | String found in binary or memory: http://crl.entrust.net/ts1ca.crl0 |
| Source: Loader.exe, 00000006.00000002.3527107091.0000000003235000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: Loader.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
| Source: Loader.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: Loader.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
| Source: Loader.exe | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: Loader.exe | String found in binary or memory: http://ocsp.digicert.com0A |
| Source: Loader.exe | String found in binary or memory: http://ocsp.entrust.net02 |
| Source: Loader.exe | String found in binary or memory: http://ocsp.entrust.net03 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
| Source: Loader.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
| Source: Loader.exe | String found in binary or memory: http://www.entrust.net/rpa03 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| Source: Loader.exe, 00000006.00000003.3519855745.00000000059B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: Loader.exe, 00000006.00000002.3527107091.000000000329E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fancywaxxers.shop/ |
| Source: Loader.exe, 00000006.00000002.3527107091.000000000329E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fancywaxxers.shop/api |
| Source: Loader.exe, 00000006.00000002.3527107091.0000000003235000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fancywaxxers.shop/apim |
| Source: Loader.exe, 00000006.00000002.3527107091.0000000003219000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fancywaxxers.shop/apitd |
| Source: Loader.exe, 00000006.00000002.3527107091.0000000003235000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fancywaxxers.shop:443/api4p.default-release/key4.dbPK |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
| Source: Loader.exe, 00000006.00000003.3493201418.00000000059E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.microsof |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
| Source: Loader.exe, 00000006.00000003.3493201418.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3508198690.00000000059D8000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3508412726.00000000059D8000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3493674605.00000000059D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
| Source: Loader.exe, 00000006.00000003.3493674605.00000000059B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
| Source: Loader.exe, 00000006.00000003.3493201418.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3508198690.00000000059D8000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3508412726.00000000059D8000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3493674605.00000000059D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
| Source: Loader.exe, 00000006.00000003.3493674605.00000000059B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
| Source: Loader.exe | String found in binary or memory: https://www.entrust.net/rpa0 |
| Source: Loader.exe, 00000006.00000003.3521823674.0000000005989000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
| Source: Loader.exe, 00000006.00000003.3490854232.00000000059CC000.00000004.00000800.00020000.00000000.sdmp, Loader.exe, 00000006.00000003.3490986660.00000000059CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: Loader.exe, 00000006.00000003.3521344950.0000000005BE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002C0040 | 0_2_002C0040 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002B6107 | 0_2_002B6107 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002CB57E | 0_2_002CB57E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002BA962 | 0_2_002BA962 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002CBD79 | 0_2_002CBD79 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_002CDFC2 | 0_2_002CDFC2 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002C0040 | 6_2_002C0040 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002B6107 | 6_2_002B6107 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002CB57E | 6_2_002CB57E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002BA962 | 6_2_002BA962 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002CBD79 | 6_2_002CBD79 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_002CDFC2 | 6_2_002CDFC2 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004210F0 | 6_2_004210F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00437120 | 6_2_00437120 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040C4E7 | 6_2_0040C4E7 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00408720 | 6_2_00408720 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040BB4E | 6_2_0040BB4E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00418D53 | 6_2_00418D53 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00417F6B | 6_2_00417F6B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00416040 | 6_2_00416040 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00426060 | 6_2_00426060 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042800A | 6_2_0042800A |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041B0F0 | 6_2_0041B0F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042E08E | 6_2_0042E08E |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040E144 | 6_2_0040E144 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00429134 | 6_2_00429134 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00406190 | 6_2_00406190 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041719D | 6_2_0041719D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004251A0 | 6_2_004251A0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041623C | 6_2_0041623C |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004092C0 | 6_2_004092C0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004222D9 | 6_2_004222D9 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041E2F0 | 6_2_0041E2F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004302F0 | 6_2_004302F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004172F5 | 6_2_004172F5 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00404290 | 6_2_00404290 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042C2BA | 6_2_0042C2BA |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041A300 | 6_2_0041A300 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00438320 | 6_2_00438320 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041B3F0 | 6_2_0041B3F0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042739B | 6_2_0042739B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00418448 | 6_2_00418448 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00416450 | 6_2_00416450 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00407400 | 6_2_00407400 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043E400 | 6_2_0043E400 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042B420 | 6_2_0042B420 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004384B4 | 6_2_004384B4 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00412580 | 6_2_00412580 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040E59B | 6_2_0040E59B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00419612 | 6_2_00419612 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00406620 | 6_2_00406620 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00436630 | 6_2_00436630 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00424690 | 6_2_00424690 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00417778 | 6_2_00417778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041C700 | 6_2_0041C700 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043E700 | 6_2_0043E700 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00409720 | 6_2_00409720 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041D720 | 6_2_0041D720 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00428725 | 6_2_00428725 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00415798 | 6_2_00415798 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004207B0 | 6_2_004207B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043A7B0 | 6_2_0043A7B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042D826 | 6_2_0042D826 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00428824 | 6_2_00428824 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041682D | 6_2_0041682D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004278D2 | 6_2_004278D2 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004038E0 | 6_2_004038E0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00436890 | 6_2_00436890 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004058A0 | 6_2_004058A0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00426921 | 6_2_00426921 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004089C0 | 6_2_004089C0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040A9C0 | 6_2_0040A9C0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_004259B0 | 6_2_004259B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043D9B0 | 6_2_0043D9B0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00411A5B | 6_2_00411A5B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00437A6B | 6_2_00437A6B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041DA00 | 6_2_0041DA00 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043EA10 | 6_2_0043EA10 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00417778 | 6_2_00417778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043DAA0 | 6_2_0043DAA0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043BABE | 6_2_0043BABE |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041FB52 | 6_2_0041FB52 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042EB57 | 6_2_0042EB57 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00423B22 | 6_2_00423B22 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043DBD0 | 6_2_0043DBD0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00421BE0 | 6_2_00421BE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043ABF0 | 6_2_0043ABF0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042BB87 | 6_2_0042BB87 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00437B90 | 6_2_00437B90 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00431C00 | 6_2_00431C00 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00428C90 | 6_2_00428C90 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043ED50 | 6_2_0043ED50 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00436D60 | 6_2_00436D60 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00434D6B | 6_2_00434D6B |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00426DB3 | 6_2_00426DB3 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040AE70 | 6_2_0040AE70 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041DE10 | 6_2_0041DE10 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00425E30 | 6_2_00425E30 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0040EEE0 | 6_2_0040EEE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00402EE0 | 6_2_00402EE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0042BEF5 | 6_2_0042BEF5 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0041CEA0 | 6_2_0041CEA0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00435F78 | 6_2_00435F78 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_00422FDB | 6_2_00422FDB |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: 6_2_0043AF80 | 6_2_0043AF80 |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: wbemcomn.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 0_2_002C349D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 0_2_002C7527 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 0_2_002C7778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 0_2_002C7820 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 0_2_002C7A73 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 0_2_002C7AE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 0_2_002C7BB5 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 0_2_002C7C00 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_002C7CA7 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 0_2_002C7DAD |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 0_2_002C2F95 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 6_2_002C349D |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 6_2_002C7527 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 6_2_002C7778 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 6_2_002C7820 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 6_2_002C7A73 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 6_2_002C7AE0 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: EnumSystemLocalesW, | 6_2_002C7BB5 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 6_2_002C7C00 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 6_2_002C7CA7 |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 6_2_002C7DAD |
| Source: C:\Users\user\Desktop\Loader.exe | Code function: GetLocaleInfoW, | 6_2_002C2F95 |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
Edit tour
Loader.exe (PID: 7476 cmdline: 
conhost.exe (PID: 7484 cmdline: 
WerFault.exe (PID: 6488 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node