Source: 00000002.00000002.321700699296.00000000060D7000.00000004.00000020.00020000.00000000.sdmp |
Malware Configuration Extractor: Remcos {"Host:Port:Password": "66.150.198.142:2700:166.150.198.142:27000:166.150.198.142:26000:166.150.198.142:28000:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-I617OK", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"} |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 0_2_0040596D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_0040596D |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 0_2_004065A2 FindFirstFileW,FindClose, |
0_2_004065A2 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 2_2_36F710F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
2_2_36F710F1 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 2_2_36F76580 FindFirstFileExA, |
2_2_36F76580 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0040AE51 FindFirstFileW,FindNextFileW, |
3_2_0040AE51 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, |
4_2_00407EF8 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, |
5_2_00407898 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 66.150.198.142 |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321700699296.00000000060D7000.00000004.00000020.00020000.00000000.sdmp, Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321701674834.0000000007EA0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://66.150.198.142/lOqpXUmQJccVjyn149.bin |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000000.00000002.316844831465.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Nutzen_Unterschrift_Planen#2024.com.exe, 00000000.00000000.316597134782.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321687991478.000000000040A000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: http://www.ebuddy.com |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: http://www.imvu.com |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321711266597.0000000036F40000.00000040.10000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321711266597.0000000036F40000.00000040.10000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: http://www.nirsoft.net/ |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000003.00000003.316893104356.0000000002421000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1 |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000003.00000003.316893104356.0000000002421000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: https://www.google.com |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000003.00000003.316893104356.0000000002421000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/?ocid=iehp |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000003.00000003.316893104356.0000000002421000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, |
3_2_0040987A |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
3_2_004098E2 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
4_2_00406DFC |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, |
4_2_00406E9F |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
5_2_004068B5 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, |
5_2_004072B5 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle, |
3_2_0040DD85 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00401806 NtdllDefWindowProc_W, |
3_2_00401806 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_004018C0 NtdllDefWindowProc_W, |
3_2_004018C0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004016FD NtdllDefWindowProc_A, |
4_2_004016FD |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004017B7 NtdllDefWindowProc_A, |
4_2_004017B7 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00402CAC NtdllDefWindowProc_A, |
5_2_00402CAC |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00402D66 NtdllDefWindowProc_A, |
5_2_00402D66 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403350 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 2_2_36F7B5C1 |
2_2_36F7B5C1 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 2_2_36F87194 |
2_2_36F87194 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00406E8F |
3_2_00406E8F |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044B040 |
3_2_0044B040 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0043610D |
3_2_0043610D |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00447310 |
3_2_00447310 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044A490 |
3_2_0044A490 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0040755A |
3_2_0040755A |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0043C560 |
3_2_0043C560 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044B610 |
3_2_0044B610 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044D6C0 |
3_2_0044D6C0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_004476F0 |
3_2_004476F0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044B870 |
3_2_0044B870 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044081D |
3_2_0044081D |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00414957 |
3_2_00414957 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_004079EE |
3_2_004079EE |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00407AEB |
3_2_00407AEB |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044AA80 |
3_2_0044AA80 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00412AA9 |
3_2_00412AA9 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00404B74 |
3_2_00404B74 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00404B03 |
3_2_00404B03 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_0044BBD8 |
3_2_0044BBD8 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00404BE5 |
3_2_00404BE5 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00404C76 |
3_2_00404C76 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00415CFE |
3_2_00415CFE |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00416D72 |
3_2_00416D72 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00446D30 |
3_2_00446D30 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 3_2_00446D8B |
3_2_00446D8B |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00405038 |
4_2_00405038 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0041208C |
4_2_0041208C |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004050A9 |
4_2_004050A9 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0040511A |
4_2_0040511A |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0043C13A |
4_2_0043C13A |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004051AB |
4_2_004051AB |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00449300 |
4_2_00449300 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0040D322 |
4_2_0040D322 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0044A4F0 |
4_2_0044A4F0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0043A5AB |
4_2_0043A5AB |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00413631 |
4_2_00413631 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00446690 |
4_2_00446690 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0044A730 |
4_2_0044A730 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004398D8 |
4_2_004398D8 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_004498E0 |
4_2_004498E0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0044A886 |
4_2_0044A886 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0043DA09 |
4_2_0043DA09 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00438D5E |
4_2_00438D5E |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00449ED0 |
4_2_00449ED0 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_0041FE83 |
4_2_0041FE83 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 4_2_00430F54 |
4_2_00430F54 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004050C2 |
5_2_004050C2 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004014AB |
5_2_004014AB |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00405133 |
5_2_00405133 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004051A4 |
5_2_004051A4 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00401246 |
5_2_00401246 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_0040CA46 |
5_2_0040CA46 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00405235 |
5_2_00405235 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004032C8 |
5_2_004032C8 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_004222D9 |
5_2_004222D9 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00401689 |
5_2_00401689 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00402F60 |
5_2_00402F60 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 004169A7 appears 86 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 0044DB70 appears 41 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 004165FF appears 35 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 00422297 appears 42 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 00444B5A appears 37 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 00413025 appears 79 times |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: String function: 00416760 appears 69 times |
|
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000000.00000000.316597226950.00000000007E3000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamebirky festivalfolket.exev+ vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321688063837.00000000007E3000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamebirky festivalfolket.exev+ vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000003.316868127116.0000000036921000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000003.316870383333.000000000610B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000003.316904156603.000000000612A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe, 00000002.00000002.321711266597.0000000036F5B000.00000040.10000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: OriginalFileName vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: OriginalFilename vs Nutzen_Unterschrift_Planen#2024.com.exe |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403350 |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Code function: 5_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle, |
5_2_00410DE1 |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: Nutzen_Unterschrift_Planen#2024.com.exe |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe "C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe" |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe "C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe" |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\ubmgcrsfyvpwitpwpupfvcprqao" |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\fdszcjcgmdhbszdagejyggbiyhyoajw" |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\pxxsdbnaalzgvfzeppwajtwrhnqxtundeo" |
|
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe "C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe" |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\ubmgcrsfyvpwitpwpupfvcprqao" |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\fdszcjcgmdhbszdagejyggbiyhyoajw" |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Process created: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe /stext "C:\Users\user\AppData\Local\Temp\pxxsdbnaalzgvfzeppwajtwrhnqxtundeo" |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: edgegdi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: pstorec.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: edgegdi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: pstorec.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: edgegdi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 2_2_36F72806 push ecx; ret 2_2_36F72819
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 3_2_0044693D push ecx; ret 3_2_0044694D
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 3_2_0044DB70 push eax; ret 3_2_0044DB84
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 3_2_0044DB70 push eax; ret 3_2_0044DBAC
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 3_2_00451D54 push eax; ret 3_2_00451D61
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 4_2_0044B090 push eax; ret 4_2_0044B0A4
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 4_2_0044B090 push eax; ret 4_2_0044B0CC
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 4_2_00451D34 push eax; ret 4_2_00451D41
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 4_2_00444E71 push ecx; ret 4_2_00444E81
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00414060 push eax; ret 5_2_00414074
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00414060 push eax; ret 5_2_0041409C
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00414039 push ecx; ret 5_2_00414049
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_004164EB push 0000006Ah; retf 5_2_004165C4
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00416553 push 0000006Ah; retf 5_2_004165C4
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00416555 push 0000006Ah; retf 5_2_004165C4
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 5_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | Code function: 0_2_00403350 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\key4.db
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Nutzen_Unterschrift_Planen#2024.com.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data