Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF67A41C088 FindClose,FindFirstFileExW,GetLastError, |
0_2_00007FF67A41C088 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF67A41C138 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, |
0_2_00007FF67A41C138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 176.124.204.206 |
Source: file.exe, 00000000.00000003.1959673962.000002653F684000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807857552.000002653F671000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959468011.000002653F680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959429528.000002653F680000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/i |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org3S4 |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.orgCSD |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
Source: file.exe, 00000000.00000003.1811211841.000002653F9B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
Source: file.exe, 00000000.00000003.1819856920.0000026540151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817293847.000002653FACE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA53000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
Source: file.exe, 00000000.00000003.1819856920.0000026540151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817293847.000002653FACE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA53000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: file.exe, 00000000.00000003.1816063856.000002653FAD6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817815572.000002653FB98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: file.exe, 00000000.00000003.1816063856.000002653FAD6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817815572.000002653FB98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF67A3E9310 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF67A3E9310 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF67A3EDD50 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize, |
0_2_00007FF67A3EDD50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF67A3ED610 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF67A3ED610 |
Source: file.exe |
String found in binary or memory: --help |
Source: file.exe |
String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument: |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF67A40FBB4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF67A404B68 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_00007FF67A41BC84 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF67A40FAE4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00007FF67A40FFF0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00007FF67A4050AC |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00007FF67A4101CC |
Source: C:\Users\user\Desktop\file.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_00007FF67A40F798 |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum\wallets |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash\wallets |
Source: file.exe, 00000000.00000003.1825279613.000002653CE43000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walleta\ |
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |