Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452126 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045C999 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00436ADE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00434BEE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0045DD7C FindFirstFileW,FindClose, |
0_2_0045DD7C |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD29 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
0_2_00436D2D |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442E1F |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00475FE5 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
2_2_00452126 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
2_2_0045C999 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
2_2_00436ADE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_00434BEE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0045DD7C FindFirstFileW,FindClose, |
2_2_0045DD7C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
2_2_0044BD29 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
2_2_00436D2D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_00442E1F |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
2_2_00475FE5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
2_2_0044BF8D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
5_2_00452126 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
5_2_0045C999 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
5_2_00436ADE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_00434BEE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0045DD7C FindFirstFileW,FindClose, |
5_2_0045DD7C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
5_2_0044BD29 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
5_2_00436D2D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_00442E1F |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
5_2_00475FE5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_0044BF8D |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 72.11.142.133 |
Source: RegSvcs.exe, 00000003.00000002.4491447304.0000000005138000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: RegSvcs.exe, 00000003.00000002.4491190786.0000000005060000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.3.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegSvcs.exe, 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002AE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/LimerBoy/StormKitty |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002AE3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/LimerBoy/StormKitty0&eq |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://support.mozilla.org |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: RegSvcs.exe, 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_see |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegSvcs.exe, 00000003.00000002.4488029672.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp, tmp9B0.tmp.dat.3.dr, tmp920.tmp.dat.3.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4493632299.0000000006274000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: places.raw.3.dr, tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: places.raw.3.dr, tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: places.raw.3.dr, tmpA6E.tmp.dat.3.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RegSvcs.exe, 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: RegSvcs.exe, 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
0_2_0047C08E |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
2_2_0047C08E |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
5_2_0047C08E |
Source: 5.2.bankrupture.exe.3640000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 2.2.bankrupture.exe.3f40000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 6.2.RegSvcs.exe.1e0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 5.2.bankrupture.exe.3640000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 2.2.bankrupture.exe.3f40000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 3.2.RegSvcs.exe.7190000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 3.2.RegSvcs.exe.7190000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 00000005.00000002.2199992872.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 00000002.00000002.2081576290.0000000003F40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00409A40 |
0_2_00409A40 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00412038 |
0_2_00412038 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00427161 |
0_2_00427161 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0047E1FA |
0_2_0047E1FA |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004212BE |
0_2_004212BE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00443390 |
0_2_00443390 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00443391 |
0_2_00443391 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0041A46B |
0_2_0041A46B |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0041240C |
0_2_0041240C |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00446566 |
0_2_00446566 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004045E0 |
0_2_004045E0 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0041D750 |
0_2_0041D750 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004037E0 |
0_2_004037E0 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00427859 |
0_2_00427859 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00412818 |
0_2_00412818 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0040F890 |
0_2_0040F890 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0042397B |
0_2_0042397B |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00411B63 |
0_2_00411B63 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0047CBF0 |
0_2_0047CBF0 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044EBBC |
0_2_0044EBBC |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00412C38 |
0_2_00412C38 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044ED9A |
0_2_0044ED9A |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00423EBF |
0_2_00423EBF |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00424F70 |
0_2_00424F70 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0041AF0D |
0_2_0041AF0D |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_03D33FB0 |
0_2_03D33FB0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00409A40 |
2_2_00409A40 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00412038 |
2_2_00412038 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00427161 |
2_2_00427161 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0047E1FA |
2_2_0047E1FA |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004212BE |
2_2_004212BE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00443390 |
2_2_00443390 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00443391 |
2_2_00443391 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0041A46B |
2_2_0041A46B |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0041240C |
2_2_0041240C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00446566 |
2_2_00446566 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004045E0 |
2_2_004045E0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0041D750 |
2_2_0041D750 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004037E0 |
2_2_004037E0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00427859 |
2_2_00427859 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00412818 |
2_2_00412818 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0040F890 |
2_2_0040F890 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0042397B |
2_2_0042397B |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00411B63 |
2_2_00411B63 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0047CBF0 |
2_2_0047CBF0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044EBBC |
2_2_0044EBBC |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00412C38 |
2_2_00412C38 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044ED9A |
2_2_0044ED9A |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00423EBF |
2_2_00423EBF |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00424F70 |
2_2_00424F70 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0041AF0D |
2_2_0041AF0D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_03BF2FB0 |
2_2_03BF2FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_029726F8 |
3_2_029726F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_029726E7 |
3_2_029726E7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02972E73 |
3_2_02972E73 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FCF4A8 |
3_2_06FCF4A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FCC598 |
3_2_06FCC598 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FC0589 |
3_2_06FC0589 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FCB510 |
3_2_06FCB510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FCC589 |
3_2_06FCC589 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FC0040 |
3_2_06FC0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FC0035 |
3_2_06FC0035 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FF6748 |
3_2_06FF6748 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FF2D38 |
3_2_06FF2D38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FF3A80 |
3_2_06FF3A80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FFA000 |
3_2_06FFA000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FF96F8 |
3_2_06FF96F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FF9FF1 |
3_2_06FF9FF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FFD548 |
3_2_06FFD548 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06FFD538 |
3_2_06FFD538 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072EEF10 |
3_2_072EEF10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072E98A8 |
3_2_072E98A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072E5748 |
3_2_072E5748 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072E5741 |
3_2_072E5741 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072EAD32 |
3_2_072EAD32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072ECCF0 |
3_2_072ECCF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072E987F |
3_2_072E987F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_072E78D8 |
3_2_072E78D8 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00409A40 |
5_2_00409A40 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00412038 |
5_2_00412038 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00427161 |
5_2_00427161 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0047E1FA |
5_2_0047E1FA |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004212BE |
5_2_004212BE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00443390 |
5_2_00443390 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00443391 |
5_2_00443391 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0041A46B |
5_2_0041A46B |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0041240C |
5_2_0041240C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00446566 |
5_2_00446566 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004045E0 |
5_2_004045E0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0041D750 |
5_2_0041D750 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004037E0 |
5_2_004037E0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00427859 |
5_2_00427859 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00412818 |
5_2_00412818 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0040F890 |
5_2_0040F890 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0042397B |
5_2_0042397B |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00411B63 |
5_2_00411B63 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0047CBF0 |
5_2_0047CBF0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044EBBC |
5_2_0044EBBC |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00412C38 |
5_2_00412C38 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044ED9A |
5_2_0044ED9A |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00423EBF |
5_2_00423EBF |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00424F70 |
5_2_00424F70 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0041AF0D |
5_2_0041AF0D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_03C91FB8 |
5_2_03C91FB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_048B2700 |
6_2_048B2700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_048B2E80 |
6_2_048B2E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_048B26F0 |
6_2_048B26F0 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: String function: 00445975 appears 65 times |
|
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: String function: 0041171A appears 37 times |
|
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: String function: 0041718C appears 45 times |
|
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: String function: 0040E6D0 appears 35 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 00425210 appears 58 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 00445975 appears 130 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 0041171A appears 74 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 0041832D appears 52 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 004136BC appears 36 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 004092C0 appears 50 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 0041718C appears 90 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 00401B70 appears 46 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 0040E6D0 appears 70 times |
|
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: String function: 0043362D appears 38 times |
|
Source: 5.2.bankrupture.exe.3640000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 2.2.bankrupture.exe.3f40000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 6.2.RegSvcs.exe.1e0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 5.2.bankrupture.exe.3640000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 2.2.bankrupture.exe.3f40000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 3.2.RegSvcs.exe.7190000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 3.2.RegSvcs.exe.7190000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 00000005.00000002.2199992872.0000000003640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 00000002.00000002.2081576290.0000000003F40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 00000003.00000002.4497072356.0000000007190000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, |
0_2_00464422 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, |
0_2_004364AA |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, |
2_2_00464422 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, |
2_2_004364AA |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, |
5_2_00464422 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, |
5_2_004364AA |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: iconcodecservice.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: iconcodecservice.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: vbscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mlang.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: iconcodecservice.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
0_2_004772DE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_004375B0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
2_2_004772DE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
2_2_004375B0 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
5_2_004772DE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
5_2_004375B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452126 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045C999 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00436ADE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00434BEE |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0045DD7C FindFirstFileW,FindClose, |
0_2_0045DD7C |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD29 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
0_2_00436D2D |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442E1F |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00475FE5 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
2_2_00452126 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
2_2_0045C999 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
2_2_00436ADE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_00434BEE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0045DD7C FindFirstFileW,FindClose, |
2_2_0045DD7C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
2_2_0044BD29 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
2_2_00436D2D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_00442E1F |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
2_2_00475FE5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
2_2_0044BF8D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
5_2_00452126 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
5_2_0045C999 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
5_2_00436ADE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_00434BEE |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0045DD7C FindFirstFileW,FindClose, |
5_2_0045DD7C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
5_2_0044BD29 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
5_2_00436D2D |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_00442E1F |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
5_2_00475FE5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_0044BF8D |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: RegSvcs.exe, 00000003.00000002.4491190786.0000000005060000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWx |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: discord.comVMware20,11696428655f |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: RegSvcs.exe, 00000003.00000002.4491447304.00000000050B9000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4491848841.0000000005156000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: bankrupture.exe, 00000002.00000002.2080270686.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: -94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}w |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe, 00000000.00000002.2059171524.0000000000BDE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\,, |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: tmpB2B.tmp.dat.3.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0042202E SetUnhandledExceptionFilter, |
0_2_0042202E |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004230F5 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00417D93 |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00421FA7 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0042202E SetUnhandledExceptionFilter, |
2_2_0042202E |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
2_2_004230F5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
2_2_00417D93 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
2_2_00421FA7 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0042202E SetUnhandledExceptionFilter, |
5_2_0042202E |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
5_2_004230F5 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
5_2_00417D93 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
5_2_00421FA7 |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002B89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program Manager@\]q |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002B89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program Manager |
Source: bankrupture.exe |
Binary or memory string: Shell_TrayWnd |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]qXc |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]q8e |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002B89000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4485595301.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program Manager@\]q& |
Source: REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe, bankrupture.exe.0.dr |
Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B7F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]qT |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B7F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]q4 |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B90000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]qp |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B90000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]qP |
Source: RegSvcs.exe, 00000003.00000002.4485595301.0000000002B89000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerTe]q |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
0_2_004741BB |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket, |
0_2_0046483C |
Source: C:\Users\user\Desktop\REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exe |
Code function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject, |
0_2_0047AD92 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
2_2_004741BB |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket, |
2_2_0046483C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 2_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject, |
2_2_0047AD92 |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
5_2_004741BB |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket, |
5_2_0046483C |
Source: C:\Users\user\AppData\Local\overfertility\bankrupture.exe |
Code function: 5_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject, |
5_2_0047AD92 |