Source: unknown |
TCP traffic detected without corresponding DNS query: 109.107.181.162 |
Source: bot.exe, 00000002.00000003.1455279514.000001EC26E80000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1455314455.000001EC26E84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi |
Source: bot.exe, 00000002.00000003.1288855876.000001EC26E71000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/RegirF~b |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291311899.000001EC252D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: bot.exe, 00000002.00000003.1289744841.000001EC25264000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000002.1456698198.000001EC2524E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1324309551.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1311444530.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291311899.000001EC252D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291311899.000001EC252D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291311899.000001EC252D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1324309551.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1311444530.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290619963.000001EC27C15000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291065146.000001EC27C16000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290619963.000001EC27C15000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291065146.000001EC27C16000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290619963.000001EC27C15000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291065146.000001EC27C16000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: bot.exe |
String found in binary or memory: https://gcc.gnu.org/bugs/): |
Source: bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1324309551.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1311444530.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e |
Source: bot.exe, 00000002.00000003.1299473293.000001EC27020000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1306737156.000001EC285FA000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299473293.000001EC27028000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1300909810.000001EC27D2A000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299745214.000001EC27CE5000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299745214.000001EC27D32000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1324309551.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1311444530.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0 |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1291311899.000001EC252D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: bot.exe, 00000002.00000003.1290619963.000001EC27C2E000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1290945374.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: bot.exe, 00000002.00000003.1311444530.000001EC25280000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1315115313.000001EC27BA3000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1324309551.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1311444530.000001EC252B2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u |
Source: bot.exe, 00000002.00000003.1299473293.000001EC27020000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1306737156.000001EC285FA000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299473293.000001EC27028000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1300909810.000001EC27D2A000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299745214.000001EC27CE5000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1299745214.000001EC27D32000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP |
Source: bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW |
Source: bot.exe, 00000002.00000003.1301182951.000001EC2702F000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1306737156.000001EC28601000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d |
Source: bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: bot.exe, 00000002.00000003.1301182951.000001EC2702F000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1306737156.000001EC28601000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1300909810.000001EC27D3A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 0_2_00007FF7F89146A4 CreateToolhelp32Snapshot,Process32First,Process32Next,NtClose |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 0_2_00007FF7F8913060 GetCurrentProcess,NtQueryInformationProcess,GetTempPathA,strlen,strlen,memcpy |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 0_2_00007FF7F8913C70 GetCurrentProcess,NtQueryInformationProcess,GetTempPathW,wcslen,wcslen,strlen,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wcslen,LdrLoadDll,GetProcAddress,VirtualProtect |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 2_2_0000000140082030 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 2_2_00000001400D06E8 NtAllocateVirtualMemory |
Source: C:\Users\user\Desktop\bot.exe |
Code function: 2_2_00000001400819C5 NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\bot.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: winnsi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: mswsock.dll |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231} |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696492231d |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696492231s |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x |
Source: bot.exe, 00000002.00000002.1456698198.000001EC251E0000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000003.1289744841.000001EC25264000.00000004.00000020.00020000.00000000.sdmp, bot.exe, 00000002.00000002.1456698198.000001EC2524E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^ |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696492231t |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696492231f |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696492231j |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696492231} |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~ |
Source: bot.exe, 00000002.00000002.1456698198.000001EC2524E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}r |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696492231x |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696492231o |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696492231u |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696492231 |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696492231t |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231x |
Source: bot.exe, 00000002.00000003.1293216845.000001EC27C43000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696492231] |
Source: C:\Users\user\Desktop\bot.exe |
Code function: EnumSystemLocalesW, |
2_2_00000001400A409C |
Source: C:\Users\user\Desktop\bot.exe |
Code function: EnumSystemLocalesW, |
2_2_00000001400A416C |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
2_2_00000001400A4204 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: EnumSystemLocalesW, |
2_2_0000000140099354 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW, |
2_2_00000001400D0390 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
2_2_00000001400B63B0 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW, |
2_2_00000001400A4450 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
2_2_00000001400A45A8 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW, |
2_2_00000001400A4658 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
2_2_00000001400A4784 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: GetLocaleInfoW, |
2_2_0000000140099898 |
Source: C:\Users\user\Desktop\bot.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
2_2_00000001400A3D50 |
Source: bot.exe, 00000002.00000002.1456698198.000001EC251E0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum-LTC\config |
Source: bot.exe, 00000002.00000002.1456698198.000001EC251E0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash\config |
Source: bot.exe, 00000002.00000003.1336291282.000001EC2944B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: "software": "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", |
Source: bot.exe, 00000002.00000002.1456698198.000001EC251E0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Exodus\exodus.wallet |
Source: bot.exe, 00000002.00000002.1456698198.000001EC251E0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Source: C:\Users\user\Desktop\bot.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |