Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400B93CC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError, |
1_2_00000001400B93CC |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400B947C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle, |
1_2_00000001400B947C |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140034D60 FindFirstFileW,FindNextFileW, |
1_2_0000000140034D60 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400D40D8 FindFirstFileW,FindNextFileW, |
1_2_00000001400D40D8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then sub rsp, 28h |
0_2_00007FF66B15DC50 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
0_2_00007FF66B159CD0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rdi |
0_2_00007FF66B15ACD0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
0_2_00007FF66B151D20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then cmp rdx, 01h |
0_2_00007FF66B14FBE0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
0_2_00007FF66B1520B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbx |
0_2_00007FF66B13AF33 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then sub rsp, 28h |
0_2_00007FF66B15DD49 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbp |
0_2_00007FF66B14AE30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbp |
0_2_00007FF66B14B470 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push r15 |
0_2_00007FF66B14929E |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rdi |
0_2_00007FF66B15A1B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbx |
0_2_00007FF66B15B8C0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then sub rsp, 28h |
1_2_00007FF66B15DC50 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
1_2_00007FF66B159CD0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rdi |
1_2_00007FF66B15ACD0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
1_2_00007FF66B151D20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then cmp rdx, 01h |
1_2_00007FF66B14FBE0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rsi |
1_2_00007FF66B1520B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbx |
1_2_00007FF66B13AF33 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then sub rsp, 28h |
1_2_00007FF66B15DD49 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbp |
1_2_00007FF66B14AE30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbp |
1_2_00007FF66B14B470 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push r15 |
1_2_00007FF66B14929E |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rdi |
1_2_00007FF66B15A1B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 4x nop then push rbx |
1_2_00007FF66B15B8C0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.107.181.162 (identical entry repeated 50 times in the report) |
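The finding above is produced by correlating the capture's DNS answers with the destinations of TCP connections: an address that is connected to but never appears in a DNS answer is usually hard-coded in the binary or its configuration. The following is an added example of that correlation, not code from the sandbox or from the sample; the event timeline is constructed (203.0.113.5 is an RFC 5737 documentation address, api.ipify.org, 1.1.1.1 and 109.107.181.162 are taken from the report), and the record layout is an assumption rather than any particular tool's export format.

```python
import ipaddress

# Constructed timeline (not from the sandbox report): one DNS answer, a TCP
# connection to the resolved address, repeated TCP connections to the address
# the report flags, the ICMP ping from the self-delete command, and a LAN
# connection. 203.0.113.5 is an RFC 5737 documentation address.
SAMPLE_EVENTS = [
    {"ts": 1.0, "kind": "dns",  "qname": "api.ipify.org", "answers": ["203.0.113.5"]},
    {"ts": 1.2, "kind": "conn", "proto": "tcp",  "dst": "203.0.113.5",     "dport": 443},
    {"ts": 1.5, "kind": "conn", "proto": "tcp",  "dst": "109.107.181.162", "dport": 443},
    {"ts": 1.6, "kind": "conn", "proto": "tcp",  "dst": "109.107.181.162", "dport": 443},
    {"ts": 2.0, "kind": "conn", "proto": "icmp", "dst": "1.1.1.1",         "dport": None},
    {"ts": 2.1, "kind": "conn", "proto": "tcp",  "dst": "192.168.1.10",    "dport": 445},
]


def is_local(ip: str) -> bool:
    """RFC 1918, loopback, link-local and multicast destinations never need a DNS answer."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_multicast


def find_unresolved_tcp(events):
    """Walk events in time order and return {dst_ip: count} for TCP connections
    whose destination was not returned by any earlier DNS answer."""
    resolved = set()
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "dns":
            resolved.update(ev["answers"])
        elif ev["kind"] == "conn" and ev["proto"] == "tcp":
            dst = ev["dst"]
            if dst in resolved or is_local(dst):
                continue
            hits[dst] = hits.get(dst, 0) + 1
    return hits


def format_findings(hits):
    """Render hits in the wording the sandbox report uses, one line per address."""
    return [
        f"TCP traffic detected without corresponding DNS query: {ip} ({n} connections)"
        for ip, n in hits.items()
    ]


if __name__ == "__main__":
    for line in format_findings(find_unresolved_tcp(SAMPLE_EVENTS)):
        print(line)
```

Only TCP is considered, which is why the ICMP ping to 1.1.1.1 from the self-delete command line is not reported, and private addresses are skipped to keep SMB and similar LAN traffic out of the result. A hard-coded address is one explanation for the 50 repeated entries in the report; a resolver cache warmed before capture started or DNS carried over HTTPS are others, so treat the signal as a lead and confirm it against the pcap.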
Source: RUN.exe, 00000001.00000002.2204235009.0000024213203000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micros |
Source: RUN.exe, 00000001.00000003.2202423492.00000242158E0000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2202472603.00000242158E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi |
Source: RUN.exe, 00000001.00000003.2036391573.00000242158D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi)F |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2040061170.00000242131D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000002.2204235009.0000024213137000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2040061170.00000242131D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2040061170.00000242131D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2040061170.00000242131D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038501883.0000024215C1E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2039601750.0000024215C1F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038501883.0000024215C1E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038501883.0000024215C1E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RUN.exe |
String found in binary or memory: https://gcc.gnu.org/bugs/): |
Source: RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: RUN.exe, 00000001.00000003.2061516063.0000024215FA8000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D4F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2057905457.0000024214F38000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059856665.0000024214F30000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D47000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2058084500.0000024215D12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 |
Source: RUN.exe, 00000001.00000003.2066148254.00000242131DB000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D3000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2066036652.00000242131D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2040061170.00000242131D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RUN.exe, 00000001.00000003.2038501883.0000024215C37000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2038891640.00000242131D5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RUN.exe, 00000001.00000003.2061516063.0000024215FA8000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D4F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2057905457.0000024214F38000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059856665.0000024214F30000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D47000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2058084500.0000024215D12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: RUN.exe, 00000001.00000003.2057905457.0000024214F3F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2061516063.0000024215FAF000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RUN.exe, 00000001.00000003.2057905457.0000024214F3F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2061516063.0000024215FAF000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: RUN.exe, 00000001.00000003.2057905457.0000024214F3F000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2061516063.0000024215FAF000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2059602201.0000024215D57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
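Several of the memory strings above are a URL immediately followed by a reversed hostname with a trailing dot and a 12-character identifier, for example `https://www.mozilla.org/about/` + `gro.allizom.www.` + `CDjelnmQJyZc`. That is the layout of adjacent TEXT columns in a Firefox `places.sqlite` `moz_places` row (`url`, `rev_host`, `guid`): Firefox stores `rev_host` as the hostname reversed with a trailing dot, and `guid` is a 12-character identifier. The example below is added here and is not part of the sandbox report; it recovers those fields from such strings and uses the reversed host as a consistency check, so that a URL that merely ends in a dotted word is not mistaken for a database row. The interpretation that the process had a `places.sqlite` page in memory is the editor's, not a conclusion the report states.

```python
import re
from urllib.parse import urlsplit

# moz_places.guid is 12 characters from the base64url alphabet.
GUID_RE = re.compile(r"^[A-Za-z0-9_-]{12}$")

# Strings taken from the memory-strings section of the report above.
REPORT_STRINGS = [
    "https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL",
    "https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc",
    "https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6",
    "https://www.mozilla.org/privacy/firefox/gro.allizom.www.",   # guid cut off
    "https://www.mozilla.org/en-US/privacy/firefox/Firefox",     # url + title, no rev_host
]


def split_places_row(s):
    """Interpret a memory string as the adjacent TEXT fields of a moz_places row
    (url, rev_host, guid). Returns None when the reversed-host marker derived
    from the URL's own hostname is absent, which rules out coincidental matches."""
    parts = urlsplit(s)
    host = parts.hostname
    if not host:
        return None
    rev_host = host[::-1] + "."
    # Search only after the authority so a hostname that is its own reverse
    # (a palindrome) cannot match inside the URL prefix.
    start = len(parts.scheme) + 3 + len(parts.netloc)
    idx = s.find(rev_host, start)
    if idx == -1:
        return None
    guid = s[idx + len(rev_host):]
    return {
        "url": s[:idx],
        "host": host,
        "rev_host": rev_host,
        "guid": guid if GUID_RE.match(guid) else None,
    }


def recover_places_rows(strings):
    """Return the parsed rows for every string that carries a rev_host marker."""
    rows = []
    for s in strings:
        row = split_places_row(s)
        if row is not None:
            rows.append(row)
    return rows


if __name__ == "__main__":
    for row in recover_places_rows(REPORT_STRINGS):
        print(row["url"], row["host"], row["guid"])
```

Three of the five report strings parse as rows with a guid, one parses with the guid truncated, and the `.../firefox/Firefox` string is rejected because `gro.allizom.www.` does not follow it (its suffix is most likely the page title, the column that precedes `rev_host`). Recovered URLs and hosts can be fed straight into a browsing-history timeline for the victim profile.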
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1216A0 memcpy,strlen,strcpy_s,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,CreateFileA,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,NtWriteFile,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtClose,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LdrLoadDll,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtProtectVirtualMemory,remove,FreeLibrary,free,memcpy,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,exit, |
0_2_00007FF66B1216A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B123590 strcmp,strcmp,NtQueryInformationProcess, |
0_2_00007FF66B123590 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1225D1 strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp, |
0_2_00007FF66B1225D1 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400D46C0 NtQuerySystemInformation, |
1_2_00000001400D46C0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014008B700 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle, |
1_2_000000014008B700 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1216A0 |
0_2_00007FF66B1216A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B143CF0 |
0_2_00007FF66B143CF0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B156C30 |
0_2_00007FF66B156C30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B13FB30 |
0_2_00007FF66B13FB30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B135F60 |
0_2_00007FF66B135F60 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B126E80 |
0_2_00007FF66B126E80 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B15BD80 |
0_2_00007FF66B15BD80 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B14B470 |
0_2_00007FF66B14B470 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B13E450 |
0_2_00007FF66B13E450 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1237A0 |
0_2_00007FF66B1237A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1276D0 |
0_2_00007FF66B1276D0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B142710 |
0_2_00007FF66B142710 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B14D5F0 |
0_2_00007FF66B14D5F0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1295D0 |
0_2_00007FF66B1295D0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E12CF0 |
0_2_00007FF8A8E12CF0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E03C10 |
0_2_00007FF8A8E03C10 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E1AED0 |
0_2_00007FF8A8E1AED0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E200BA |
0_2_00007FF8A8E200BA |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E1F190 |
0_2_00007FF8A8E1F190 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E06360 |
0_2_00007FF8A8E06360 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E04460 |
0_2_00007FF8A8E04460 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E1C5B0 |
0_2_00007FF8A8E1C5B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF8A8E20750 |
0_2_00007FF8A8E20750 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140042000 |
1_2_0000000140042000 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014003787D |
1_2_000000014003787D |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014005A150 |
1_2_000000014005A150 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140080220 |
1_2_0000000140080220 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140080A20 |
1_2_0000000140080A20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014005FB20 |
1_2_000000014005FB20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014003CC00 |
1_2_000000014003CC00 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014002F420 |
1_2_000000014002F420 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400B947C |
1_2_00000001400B947C |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014003B4B0 |
1_2_000000014003B4B0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400A44E8 |
1_2_00000001400A44E8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140031D30 |
1_2_0000000140031D30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014002ED30 |
1_2_000000014002ED30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140034D60 |
1_2_0000000140034D60 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014005ED70 |
1_2_000000014005ED70 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140081600 |
1_2_0000000140081600 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014008FED0 |
1_2_000000014008FED0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140081FA0 |
1_2_0000000140081FA0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014005C7C0 |
1_2_000000014005C7C0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006B860 |
1_2_000000014006B860 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140067880 |
1_2_0000000140067880 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006E0E0 |
1_2_000000014006E0E0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400158E0 |
1_2_00000001400158E0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400070E0 |
1_2_00000001400070E0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140063140 |
1_2_0000000140063140 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400BC170 |
1_2_00000001400BC170 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140053180 |
1_2_0000000140053180 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140006180 |
1_2_0000000140006180 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006E9BA |
1_2_000000014006E9BA |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006C1D0 |
1_2_000000014006C1D0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400561E0 |
1_2_00000001400561E0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400BE9F0 |
1_2_00000001400BE9F0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140028200 |
1_2_0000000140028200 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006B230 |
1_2_000000014006B230 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014002FA50 |
1_2_000000014002FA50 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006DAB0 |
1_2_000000014006DAB0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014009FAF8 |
1_2_000000014009FAF8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140026340 |
1_2_0000000140026340 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140025350 |
1_2_0000000140025350 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006BB80 |
1_2_000000014006BB80 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014004C3A0 |
1_2_000000014004C3A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400A63BC |
1_2_00000001400A63BC |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014004ABD0 |
1_2_000000014004ABD0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006E520 |
1_2_000000014006E520 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140006D20 |
1_2_0000000140006D20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006B530 |
1_2_000000014006B530 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140059550 |
1_2_0000000140059550 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014008F5A0 |
1_2_000000014008F5A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140005DB0 |
1_2_0000000140005DB0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140006610 |
1_2_0000000140006610 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140035E20 |
1_2_0000000140035E20 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014002FE96 |
1_2_000000014002FE96 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014006BEA0 |
1_2_000000014006BEA0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_000000014004DEA0 |
1_2_000000014004DEA0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B143CF0 |
1_2_00007FF66B143CF0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B156C30 |
1_2_00007FF66B156C30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B13FB30 |
1_2_00007FF66B13FB30 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B135F60 |
1_2_00007FF66B135F60 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B126E80 |
1_2_00007FF66B126E80 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B15BD80 |
1_2_00007FF66B15BD80 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B14B470 |
1_2_00007FF66B14B470 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B13E450 |
1_2_00007FF66B13E450 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B1237A0 |
1_2_00007FF66B1237A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B1216A0 |
1_2_00007FF66B1216A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B1276D0 |
1_2_00007FF66B1276D0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B142710 |
1_2_00007FF66B142710 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B14D5F0 |
1_2_00007FF66B14D5F0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B1295D0 |
1_2_00007FF66B1295D0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 000000014002FE70 appears 34 times |
|
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 00000001400348F0 appears 41 times |
|
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 00007FF66B15D580 appears 84 times |
|
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 00007FF66B15BC90 appears 52 times |
|
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 00007FF66B15D670 appears 376 times |
|
Source: C:\Users\user\Desktop\RUN.exe |
Code function: String function: 00007FF66B15D710 appears 168 times |
|
Source: unknown |
Process created: C:\Users\user\Desktop\RUN.exe "C:\Users\user\Desktop\RUN.exe" |
|
Source: C:\Users\user\Desktop\RUN.exe |
Process created: C:\Users\user\Desktop\RUN.exe "C:\Users\user\Desktop\RUN.exe" |
|
Source: C:\Users\user\Desktop\RUN.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000 |
|
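The cmd.exe line recorded above, `ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "...\RUN.exe"`, is the standard self-deletion idiom: the ping is a sleep that outlives the parent process so that the file handle is released before `Del` runs against the parent's own image. The following is an added detection example, not code from the report; the records are constructed in the shape of Sysmon Event ID 1 fields (ParentImage, Image, CommandLine), with the first command line copied from the report and the other two added as benign controls.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 field names). The first
# command line is the one recorded in the sandbox report above; the other two are
# constructed controls: a plain cmd invocation, and a deletion of some other file.
SAMPLE_PROCESS_EVENTS = [
    {"parent_image": r"C:\Users\user\Desktop\RUN.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"'},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /C dir C:\Users\user\Desktop'},
    {"parent_image": r"C:\Program Files\Build\build.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'cmd.exe /C del /q "C:\Program Files\Build\out\tmp.exe"'},
]

# Delay primitives commonly abused as a sleep before the delete.
DELAY_RE = re.compile(r"\b(ping\s+\S+\s+-n\s+\d+|timeout\s+(?:/t\s+)?\d+|sleep\s+\d+)", re.I)
# A del/erase whose argument is an absolute path to an .exe, quoted or not.
DELETE_RE = re.compile(r'\b(?:del|erase)\b[^&|]*?"?(?P<target>[A-Za-z]:\\[^"&|]+?\.exe)"?', re.I)


def detect_self_delete(events):
    """Flag cmd.exe children whose command line deletes the parent's own image.
    Each finding records the deleted path and the delay primitive, if any."""
    findings = []
    for ev in events:
        if not ev["image"].lower().endswith("\\cmd.exe"):
            continue
        cl = ev["command_line"]
        m = DELETE_RE.search(cl)
        if not m:
            continue
        target = m.group("target").strip()
        if target.lower() != ev["parent_image"].lower():
            continue
        delay = DELAY_RE.search(cl)
        findings.append({
            "parent_image": ev["parent_image"],
            "deleted_path": target,
            "delay": delay.group(0) if delay else None,
        })
    return findings


if __name__ == "__main__":
    for f in detect_self_delete(SAMPLE_PROCESS_EVENTS):
        print(f"self-delete: {f['parent_image']} via {f['delay']!r}")
```

The match is on the parent's image path, not on `del` alone, so build scripts that clean up their own output (the third record) are not reported. The delay is captured separately because it is optional: a variant that omits the ping still deletes the parent once it has exited, and a variant that substitutes `timeout` is caught by the same rule.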
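The process tree above shows the sample spawning cmd.exe to sleep on a one-packet ping and then delete its own image (Del /f /q on the parent's path). The following is an added detection example, not code from the report or the sample: it runs over constructed process-creation events modelled on that tree (PIDs invented; field names mirror a Sysmon Event ID 1 or sandbox process log) and flags a cmd.exe whose command line pairs a ping or timeout delay with a del/erase of the image of the process that launched it. The timeout variant is a generalisation beyond what this report shows.

```python
"""Detect 'delay with ping, then delete the parent' self-removal.

Added example, not part of the sandbox report. Events are constructed here,
modelled on the process tree on this page (PIDs are invented); the fields
mirror what Sysmon Event ID 1 or a sandbox process log provides. The function
flags a cmd.exe whose command line pairs a delay (ping or timeout) with a
del/erase of the image of the process that spawned it.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Delay primitives typically used so the parent can exit before the delete runs.
DELAY_RE = re.compile(r"\bping(\.exe)?\b[^&|]*?-n\s+\d+|\btimeout(\.exe)?\b[^&|]*?\d+", re.I)
# del/erase with optional single-letter switches, then a quoted or bare path up to the next '&' or end.
DEL_RE = re.compile(r"\b(?:del|erase)\b(?:\s+/[a-z])*\s+\"?([^\"&]+?)\"?\s*(?:&|$)", re.I)

# Constructed events; the RUN.exe / cmd.exe / PING.EXE rows follow the report's process tree.
SAMPLE_EVENTS = [
    ProcEvent(4120, 3900, r"C:\Users\user\Desktop\RUN.exe", r'"C:\Users\user\Desktop\RUN.exe"'),
    ProcEvent(4388, 4120, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"'),
    ProcEvent(4402, 4388, r"C:\Windows\System32\PING.EXE", "ping 1.1.1.1 -n 1 -w 3000"),
    # Benign control: an installer removing a temp file, not its own image, and with no delay.
    ProcEvent(5000, 3900, r"C:\Temp\setup.exe", "setup.exe /S"),
    ProcEvent(5010, 5000, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c del /q "C:\Temp\payload.tmp"'),
]


def _norm(path):
    return path.strip().strip('"').lower()


def deleted_targets(cmdline):
    """All paths handed to del/erase in a command line, normalised for comparison."""
    return [_norm(m.group(1)) for m in DEL_RE.finditer(cmdline)]


def find_self_delete(events):
    """Return (parent_pid, parent_image, cmdline) for every cmd.exe that deletes its parent's image."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\cmd.exe"):
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or not DELAY_RE.search(e.cmdline):
            continue
        if _norm(parent.image) in deleted_targets(e.cmdline):
            hits.append((parent.pid, parent.image, e.cmdline))
    return hits


if __name__ == "__main__":
    for pid, image, cmd in find_self_delete(SAMPLE_EVENTS):
        print(f"self-delete of {image} (pid {pid}) via: {cmd}")
```

The parent match is on the normalised image path rather than on the command line text, so the rule survives quoting differences and does not fire on installers that clean up temporary files. A sandbox tree hands you the parent relationship for free; on an endpoint the same logic needs the ParentProcessId field from the event source.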
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: a.exe:extractor.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: winnsi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B1216A0 memcpy,strlen,strcpy_s,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,CreateFileA,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,NtWriteFile,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtClose,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LdrLoadDll,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtProtectVirtualMemory,remove,FreeLibrary,free,memcpy,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,exit, |
0_2_00007FF66B1216A0 |
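Two rows above deserve to be read together. The module list contains "a.exe:extractor.dll", which is the file:stream form of an NTFS alternate data stream, so the loaded DLL lives inside a named stream of a file called a.exe rather than as a file of its own. The 0_2_00007FF66B1216A0 row chains CreateFileA and NtWriteFile, then LoadLibraryW, GetProcAddress and LdrLoadDll, then NtProtectVirtualMemory, then remove and FreeLibrary: write a file, load it, change page protections, delete the file. The following is an added triage helper, not code from the report or the sample: it parses "Code function" and "Section loaded" rows in the page's own format and flags those API orderings and ADS-hosted modules. The sample rows are copied from this page (the long API list is abridged); the rule names and the API sets are this example's own choices.

```python
"""Triage the 'Code function' and 'Section loaded' rows of a sandbox report.

Added example, not part of the report on this page. It parses rows in the
page's own format and flags API orderings that together describe a
drop-and-load loader, plus modules loaded from an NTFS named stream.
SAMPLE_ROWS is copied from the report (the first API list is abridged);
the rule names, API sets and thresholds are this example's own choices.
"""
import re
from dataclasses import dataclass

SAMPLE_ROWS = """\
Code function: 0_2_00007FF66B1216A0 memcpy,strlen,strcpy_s,WideCharToMultiByte,_strlwr,strstr,strcmp,CreateFileA,NtWriteFile,NtClose,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LdrLoadDll,strcmp,NtProtectVirtualMemory,remove,FreeLibrary,free,NtProtectVirtualMemory,exit, |
Code function: 1_2_0000000140034D60 FindFirstFileW,FindNextFileW, |
Code function: GetLocaleInfoW, |
Section loaded: a.exe:extractor.dll |
Section loaded: wininet.dll |
"""

ROW_RE = re.compile(r"^(Code function|Section loaded):\s*(.*?)\s*\|?\s*$")
FUNC_ID_RE = re.compile(r"^\d+_\d+_[0-9A-Fa-f]+$")

FILE_WRITE = {"CreateFileA", "CreateFileW", "NtCreateFile", "WriteFile", "NtWriteFile"}
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "LdrLoadDll"}
RESOLVERS = {"GetProcAddress", "LdrGetProcedureAddress"}
PROTECT = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"}
DELETE = {"remove", "_wremove", "DeleteFileA", "DeleteFileW", "NtDeleteFile"}


@dataclass(frozen=True)
class Finding:
    subject: str   # function id or module name
    rule: str
    detail: str


def parse_rows(text):
    """Yield (kind, payload) for each recognised row; other lines are ignored."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def split_function(payload):
    """'0_2_ADDR a,b,c,' -> ('0_2_ADDR', ['a', 'b', 'c']); rows without an id get '?'."""
    parts = payload.split(None, 1)
    if len(parts) == 2 and FUNC_ID_RE.match(parts[0]):
        func_id, apis = parts
    else:
        func_id, apis = "?", payload
    return func_id, [a.strip() for a in apis.split(",") if a.strip()]


def first_index(apis, names):
    return next((i for i, a in enumerate(apis) if a in names), None)


def analyse_function(func_id, apis):
    """Order matters: a write before a load, a resolve before a protection change,
    a delete after a load. Each is weak alone; together they read as a loader."""
    findings = []
    w, l = first_index(apis, FILE_WRITE), first_index(apis, LOADERS)
    if w is not None and l is not None and w < l:
        findings.append(Finding(func_id, "drop_and_load", f"{apis[w]} before {apis[l]}"))
    r, p = first_index(apis, RESOLVERS), first_index(apis, PROTECT)
    if r is not None and p is not None and r < p:
        findings.append(Finding(func_id, "memory_patch", f"{apis[r]} before {apis[p]}"))
    d = first_index(apis, DELETE)
    if l is not None and d is not None and l < d:
        findings.append(Finding(func_id, "self_cleanup", f"{apis[d]} after {apis[l]}"))
    return findings


def analyse_module(name):
    """A colon anywhere except a leading drive letter means file:stream, an NTFS ADS."""
    without_drive = re.sub(r"^[A-Za-z]:\\", "", name)
    if ":" in without_drive:
        return [Finding(name, "ads_module", "module path names an alternate data stream")]
    return []


def triage(text):
    findings = []
    for kind, payload in parse_rows(text):
        if kind == "Code function":
            findings.extend(analyse_function(*split_function(payload)))
        else:
            findings.extend(analyse_module(payload))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f"{f.subject:28} {f.rule:14} {f.detail}")
```

The ordering checks are deliberately loose (first occurrence only) because the report lists calls in address order, not execution order; treat a hit as a pointer to the function worth disassembling, not as proof of what it does at run time. On a live host, a module path with a stream name can be confirmed with dir /r or Get-Item -Stream * against the container file.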
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: RUN.exe, 00000001.00000002.2204235009.00000242131D5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: RUN.exe, 00000001.00000002.2204235009.00000242131B4000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp, RUN.exe, 00000001.00000003.2037368275.00000242131CA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: RUN.exe, 00000001.00000003.2050865815.0000024215C5A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B121180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA, |
0_2_00007FF66B121180 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B29D3B8 SetUnhandledExceptionFilter, |
0_2_00007FF66B29D3B8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 0_2_00007FF66B14365A SetUnhandledExceptionFilter, |
0_2_00007FF66B14365A |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_0000000140096A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_0000000140096A38 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00000001400D42B8 SetUnhandledExceptionFilter, |
1_2_00000001400D42B8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: 1_2_00007FF66B121180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA, |
1_2_00007FF66B121180 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: GetLocaleInfoW, |
1_2_00000001400A3090 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
1_2_00000001400AE120 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400ADA38 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400ADB08 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400A2B4C |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: GetLocaleInfoW, |
1_2_00000001400D43A0 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400D43B8 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
1_2_00000001400AD6EC |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
1_2_00000001400ADF44 |
Source: C:\Users\user\Desktop\RUN.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
1_2_00000001400B8FC4 |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum-LTC\wallets |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash\wallets |
Source: RUN.exe, 00000001.00000003.2088276894.0000024217B26000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: "software": "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", |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Exodus\exodus.wallet |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\Desktop\RUN.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
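The file-open rows above show one process reading the credential and cookie stores of three browsers (Chrome and Edge Login Data, Network\Cookies and Web Data; Firefox key4.db, cookies.sqlite and places.sqlite), and the memory strings earlier name wallet directories (Electrum-LTC\wallets, ElectronCash\wallets, Exodus\exodus.wallet, Ethereum\keystore). The following is an added detection example, not code from the report or the sample: it runs over constructed (image, path) file-open records built from this page's paths, ignores a browser opening its own profile, and reports any other process by the categories of store it touched. Firefox's logins.json is included as an assumption (key4.db holds the key that decrypts it); the Exodus file name in the sample is invented, only the directory comes from the page.

```python
"""Flag processes that open browser credential stores or wallet files.

Added example, not part of the sandbox report. Events are constructed
(image, path) file-open records modelled on the 'File opened' rows on this
page; the wallet directories come from the strings listed on the page.
Firefox's logins.json is included as an assumption (it holds the logins
that key4.db decrypts). A browser opening its own profile is expected and
ignored; any other process is scored by the categories it touches.
"""
import re
from collections import defaultdict

# (category, regex over a lowercased backslash path). First match wins.
ARTEFACTS = [
    ("chromium_logins",  r"\\user data\\[^\\]+\\login data( for account)?$"),
    ("chromium_cookies", r"\\user data\\[^\\]+\\(network\\)?cookies$"),
    ("chromium_other",   r"\\user data\\[^\\]+\\(web data|history|extension cookies|local storage\\leveldb\\[^\\]+)$"),
    ("firefox_logins",   r"\\mozilla\\firefox\\profiles\\[^\\]+\\(key4\.db|logins\.json)$"),
    ("firefox_other",    r"\\mozilla\\firefox\\profiles\\[^\\]+\\(cookies\.sqlite|places\.sqlite|prefs\.js)$"),
    ("wallet",           r"\\(electrum-ltc\\wallets|electroncash\\wallets|exodus\\exodus\.wallet|ethereum\\keystore)(\\|$)"),
]
ARTEFACT_RES = [(cat, re.compile(rx)) for cat, rx in ARTEFACTS]
HIGH_VALUE = {"chromium_logins", "firefox_logins", "wallet"}

# (profile path fragment, owning executable suffix). Extend for Brave, Opera, Thunderbird, etc.
EXPECTED_OWNERS = [
    ("\\google\\chrome\\user data\\", "\\chrome.exe"),
    ("\\microsoft\\edge\\user data\\", "\\msedge.exe"),
    ("\\mozilla\\firefox\\profiles\\", "\\firefox.exe"),
]

# Constructed events: RUN.exe rows use paths from the report; the rest are controls.
SAMPLE_EVENTS = [
    (r"C:\Users\user\Desktop\RUN.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Users\user\Desktop\RUN.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (r"C:\Users\user\Desktop\RUN.exe", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db"),
    (r"C:\Users\user\Desktop\RUN.exe", r"C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"),
    (r"C:\Users\user\Desktop\RUN.exe", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),  # file name invented
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Windows\System32\SearchIndexer.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History"),
]


def classify(path):
    """Return the artefact category for a path, or None if it is not of interest."""
    p = path.lower().replace("/", "\\")
    for cat, rx in ARTEFACT_RES:
        if rx.search(p):
            return cat
    return None


def is_expected_owner(image, path):
    """True when the process is the browser that owns this profile directory."""
    image, path = image.lower(), path.lower()
    return any(frag in path and image.endswith(exe) for frag, exe in EXPECTED_OWNERS)


def find_stealer_activity(events, min_categories=2):
    """Map image -> {'categories', 'paths'} for processes worth a look: any
    high-value store, or at least min_categories distinct artefact kinds."""
    cats, paths = defaultdict(set), defaultdict(list)
    for image, path in events:
        cat = classify(path)
        if cat is None or is_expected_owner(image, path):
            continue
        cats[image].add(cat)
        paths[image].append(path)
    return {
        img: {"categories": sorted(c), "paths": paths[img]}
        for img, c in cats.items()
        if c & HIGH_VALUE or len(c) >= min_categories
    }


if __name__ == "__main__":
    for img, info in find_stealer_activity(SAMPLE_EVENTS).items():
        print(img, info["categories"])
        for p in info["paths"]:
            print("   ", p)
```

The breadth signal is the useful one: a backup agent or indexer may touch History, but a single non-browser process reading Login Data from two browsers plus a Firefox key database in one run is the fingerprint these rows show. Note that the report also lists rstrtmgr.dll among the loaded modules; Restart Manager is a common way for a non-browser process to get at these databases while the browser holds them open, so pair this file-level rule with the module list when triaging.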