Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76338BA38 FindClose,FindFirstFileExW,GetLastError, |
0_2_00007FF76338BA38 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76338BAE8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, |
0_2_00007FF76338BAE8 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 176.124.204.206 |
Source: file.exe, 00000000.00000003.1369057073.000001EA4B82D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7EF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.m |
Source: file.exe, 00000000.00000003.1368512194.000001EA4DFB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2600221699.000001EA4DFC0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/~ |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta |
Source: file.exe, 00000000.00000003.1374444105.000001EA4E0F3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: file.exe, 00000000.00000003.1386227021.000001EA4E280000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E107000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D570000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D64B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386227021.000001EA4E18D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0 |
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D570000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D64B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386227021.000001EA4E18D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D653000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: file.exe, 00000000.00000003.1381574540.000001EA4D653000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763358CC0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF763358CC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335D700 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize, |
0_2_00007FF76335D700 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335CFC0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF76335CFC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763360440 |
0_2_00007FF763360440 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76332E4E0 |
0_2_00007FF76332E4E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330D510 |
0_2_00007FF76330D510 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763358400 |
0_2_00007FF763358400 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335B410 |
0_2_00007FF76335B410 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633012C0 |
0_2_00007FF7633012C0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633471A0 |
0_2_00007FF7633471A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633518D0 |
0_2_00007FF7633518D0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335A760 |
0_2_00007FF76335A760 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633796B8 |
0_2_00007FF7633796B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330E5A0 |
0_2_00007FF76330E5A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330EC50 |
0_2_00007FF76330EC50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763352D10 |
0_2_00007FF763352D10 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763358CC0 |
0_2_00007FF763358CC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763300BD0 |
0_2_00007FF763300BD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763357BC0 |
0_2_00007FF763357BC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335FA58 |
0_2_00007FF76335FA58 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763331A80 |
0_2_00007FF763331A80 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76338BAE8 |
0_2_00007FF76338BAE8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76332BAF0 |
0_2_00007FF76332BAF0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763361B00 |
0_2_00007FF763361B00 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763359960 |
0_2_00007FF763359960 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330C9C0 |
0_2_00007FF76330C9C0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633140B0 |
0_2_00007FF7633140B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763375EB4 |
0_2_00007FF763375EB4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763301D4E |
0_2_00007FF763301D4E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336D474 |
0_2_00007FF76336D474 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76331E419 |
0_2_00007FF76331E419 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632D6480 |
0_2_00007FF7632D6480 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76331C4E0 |
0_2_00007FF76331C4E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76338E500 |
0_2_00007FF76338E500 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633714C4 |
0_2_00007FF7633714C4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76334F370 |
0_2_00007FF76334F370 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336E354 |
0_2_00007FF76336E354 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333D260 |
0_2_00007FF76333D260 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336D28C |
0_2_00007FF76336D28C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763335220 |
0_2_00007FF763335220 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763340180 |
0_2_00007FF763340180 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763356123 |
0_2_00007FF763356123 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763356133 |
0_2_00007FF763356133 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763380824 |
0_2_00007FF763380824 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333F820 |
0_2_00007FF76333F820 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633448A0 |
0_2_00007FF7633448A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632D6900 |
0_2_00007FF7632D6900 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333D8B0 |
0_2_00007FF76333D8B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633018F0 |
0_2_00007FF7633018F0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763346720 |
0_2_00007FF763346720 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632F6770 |
0_2_00007FF7632F6770 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632F9760 |
0_2_00007FF7632F9760 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632F77B0 |
0_2_00007FF7632F77B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336B7B0 |
0_2_00007FF76336B7B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76337765C |
0_2_00007FF76337765C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763343670 |
0_2_00007FF763343670 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335D700 |
0_2_00007FF76335D700 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763393570 |
0_2_00007FF763393570 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333D590 |
0_2_00007FF76333D590 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633785DC |
0_2_00007FF7633785DC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763339600 |
0_2_00007FF763339600 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763347C20 |
0_2_00007FF763347C20 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632FACA0 |
0_2_00007FF7632FACA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763350CA0 |
0_2_00007FF763350CA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76331CB90 |
0_2_00007FF76331CB90 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763376B2C |
0_2_00007FF763376B2C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333DBD0 |
0_2_00007FF76333DBD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763309A59 |
0_2_00007FF763309A59 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76335DA50 |
0_2_00007FF76335DA50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336DABC |
0_2_00007FF76336DABC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76338E980 |
0_2_00007FF76338E980 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763348980 |
0_2_00007FF763348980 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763379934 |
0_2_00007FF763379934 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763346080 |
0_2_00007FF763346080 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632D60C0 |
0_2_00007FF7632D60C0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7633200ED |
0_2_00007FF7633200ED |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763352100 |
0_2_00007FF763352100 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336D0A4 |
0_2_00007FF76336D0A4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333CF60 |
0_2_00007FF76333CF60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763326F70 |
0_2_00007FF763326F70 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763353F80 |
0_2_00007FF763353F80 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763376FDC |
0_2_00007FF763376FDC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF7632D7010 |
0_2_00007FF7632D7010 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76334EFD0 |
0_2_00007FF76334EFD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76336DE4C |
0_2_00007FF76336DE4C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333FE50 |
0_2_00007FF76333FE50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763307ED0 |
0_2_00007FF763307ED0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330BEE0 |
0_2_00007FF76330BEE0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76333DF00 |
0_2_00007FF76333DF00 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76332AF00 |
0_2_00007FF76332AF00 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763379EBC |
0_2_00007FF763379EBC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF763377D88 |
0_2_00007FF763377D88 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00007FF76330AE00 |
0_2_00007FF76330AE00 |
Source: file.exe |
String found in binary or memory: --help |
Source: file.exe |
String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument: |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231} |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696492231d |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696492231s |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x |
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^ |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696492231t |
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW^ |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696492231f |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696492231j |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696492231} |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~ |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696492231x |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696492231o |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696492231u |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231 |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696492231 |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWp(~K |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696492231t |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231x |
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696492231] |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF76337F494 |
Source: C:\Users\user\Desktop\file.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_00007FF76337F148 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_00007FF76338B634 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF76337F564 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF763374518 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00007FF76337FB7C |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00007FF763374A5C |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00007FF76337F9A0 |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Jaxx Liberty |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Exodus |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum |
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |