Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452126 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045C999 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00436ADE |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00434BEE |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle, |
0_2_00436D2D |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442E1F |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0045DD7C FindFirstFileW,FindClose, |
0_2_0045DD7C |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD29 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00475FE5 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8D |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
0_2_0047C08E |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0042C9F3 NtClose, |
2_2_0042C9F3 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A207AC NtCreateMutant,LdrInitializeThunk, |
2_2_00A207AC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1F9F0 NtClose,LdrInitializeThunk, |
2_2_00A1F9F0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FAE8 NtQueryInformationProcess,LdrInitializeThunk, |
2_2_00A1FAE8 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FB68 NtFreeVirtualMemory,LdrInitializeThunk, |
2_2_00A1FB68 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FDC0 NtQuerySystemInformation,LdrInitializeThunk, |
2_2_00A1FDC0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A200C4 NtCreateFile, |
2_2_00A200C4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A20060 NtQuerySection, |
2_2_00A20060 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A20078 NtResumeThread, |
2_2_00A20078 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A20048 NtProtectVirtualMemory, |
2_2_00A20048 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A201D4 NtSetValueKey, |
2_2_00A201D4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2010C NtOpenDirectoryObject, |
2_2_00A2010C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A20C40 NtGetContextThread, |
2_2_00A20C40 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A210D0 NtOpenProcessToken, |
2_2_00A210D0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A21148 NtOpenThread, |
2_2_00A21148 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1F8CC NtWaitForSingleObject, |
2_2_00A1F8CC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A21930 NtSetContextThread, |
2_2_00A21930 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1F938 NtWriteFile, |
2_2_00A1F938 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1F900 NtReadFile, |
2_2_00A1F900 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FAB8 NtQueryValueKey, |
2_2_00A1FAB8 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FAD0 NtAllocateVirtualMemory, |
2_2_00A1FAD0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FA20 NtQueryInformationFile, |
2_2_00A1FA20 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FA50 NtEnumerateValueKey, |
2_2_00A1FA50 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FBB8 NtQueryInformationToken, |
2_2_00A1FBB8 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FBE8 NtQueryVirtualMemory, |
2_2_00A1FBE8 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FB50 NtCreateKey, |
2_2_00A1FB50 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FC90 NtUnmapViewOfSection, |
2_2_00A1FC90 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FC30 NtOpenProcess, |
2_2_00A1FC30 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FC60 NtMapViewOfSection, |
2_2_00A1FC60 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FC48 NtSetInformationFile, |
2_2_00A1FC48 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A21D80 NtSuspendThread, |
2_2_00A21D80 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FD8C NtDelayExecution, |
2_2_00A1FD8C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FD5C NtEnumerateKey, |
2_2_00A1FD5C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FEA0 NtReadVirtualMemory, |
2_2_00A1FEA0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FED0 NtAdjustPrivilegesToken, |
2_2_00A1FED0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FE24 NtWriteVirtualMemory, |
2_2_00A1FE24 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FFB4 NtCreateSection, |
2_2_00A1FFB4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FFFC NtCreateProcessEx, |
2_2_00A1FFFC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A1FF34 NtQueueApcThread, |
2_2_00A1FF34 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00409A40 |
0_2_00409A40 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00412038 |
0_2_00412038 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0047E1FA |
0_2_0047E1FA |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0041A46B |
0_2_0041A46B |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0041240C |
0_2_0041240C |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00446566 |
0_2_00446566 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004045E0 |
0_2_004045E0 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00412818 |
0_2_00412818 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0047CBF0 |
0_2_0047CBF0 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00412C38 |
0_2_00412C38 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00424F70 |
0_2_00424F70 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0041AF0D |
0_2_0041AF0D |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00427161 |
0_2_00427161 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004212BE |
0_2_004212BE |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00443390 |
0_2_00443390 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00443391 |
0_2_00443391 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0041D750 |
0_2_0041D750 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004037E0 |
0_2_004037E0 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00427859 |
0_2_00427859 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0040F890 |
0_2_0040F890 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_0042397B |
0_2_0042397B |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00411B63 |
0_2_00411B63 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_00423EBF |
0_2_00423EBF |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_034B0380 |
0_2_034B0380 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0042F053 |
2_2_0042F053 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00402858 |
2_2_00402858 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00402860 |
2_2_00402860 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00403170 |
2_2_00403170 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0041017B |
2_2_0041017B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00410183 |
2_2_00410183 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00401190 |
2_2_00401190 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00416B43 |
2_2_00416B43 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00416B3E |
2_2_00416B3E |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_004023D0 |
2_2_004023D0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_004103A3 |
2_2_004103A3 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00401470 |
2_2_00401470 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0040E423 |
2_2_0040E423 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00402540 |
2_2_00402540 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00402539 |
2_2_00402539 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2E0C6 |
2_2_00A2E0C6 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2E2E9 |
2_2_00A2E2E9 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AD63BF |
2_2_00AD63BF |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A563DB |
2_2_00A563DB |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A32305 |
2_2_00A32305 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A7A37B |
2_2_00A7A37B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB443E |
2_2_00AB443E |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB05E3 |
2_2_00AB05E3 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A4C5F0 |
2_2_00A4C5F0 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A76540 |
2_2_00A76540 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A34680 |
2_2_00A34680 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A3E6C1 |
2_2_00A3E6C1 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AD2622 |
2_2_00AD2622 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A7A634 |
2_2_00A7A634 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A3C7BC |
2_2_00A3C7BC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A5286D |
2_2_00A5286D |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A3C85C |
2_2_00A3C85C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A329B2 |
2_2_00A329B2 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AD098E |
2_2_00AD098E |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AC49F5 |
2_2_00AC49F5 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A469FE |
2_2_00A469FE |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A7C920 |
2_2_00A7C920 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ADCBA4 |
2_2_00ADCBA4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB6BCB |
2_2_00AB6BCB |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AD2C9C |
2_2_00AD2C9C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ABAC5E |
2_2_00ABAC5E |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A60D3B |
2_2_00A60D3B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A3CD5B |
2_2_00A3CD5B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A62E2F |
2_2_00A62E2F |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A4EE4C |
2_2_00A4EE4C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ACCFB1 |
2_2_00ACCFB1 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AA2FDC |
2_2_00AA2FDC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A40F3F |
2_2_00A40F3F |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A5D005 |
2_2_00A5D005 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AAD06D |
2_2_00AAD06D |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A33040 |
2_2_00A33040 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A4905A |
2_2_00A4905A |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ABD13F |
2_2_00ABD13F |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AD1238 |
2_2_00AD1238 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2F3CF |
2_2_00A2F3CF |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A37353 |
2_2_00A37353 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A65485 |
2_2_00A65485 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A41489 |
2_2_00A41489 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A6D47D |
2_2_00A6D47D |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A3351F |
2_2_00A3351F |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB579A |
2_2_00AB579A |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A657C3 |
2_2_00A657C3 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AC771D |
2_2_00AC771D |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ACF8EE |
2_2_00ACF8EE |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AAF8C4 |
2_2_00AAF8C4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB394B |
2_2_00AB394B |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AB5955 |
2_2_00AB5955 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00AE3A83 |
2_2_00AE3A83 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ABDBDA |
2_2_00ABDBDA |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2FBD7 |
2_2_00A2FBD7 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A57B00 |
2_2_00A57B00 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ACFDDD |
2_2_00ACFDDD |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00ABBF14 |
2_2_00ABBF14 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A5DF7C |
2_2_00A5DF7C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: String function: 00A2DF5C appears 137 times |
|
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: String function: 00A9F970 appears 84 times |
|
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: String function: 00A7373B appears 253 times |
|
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: String function: 00A73F92 appears 132 times |
|
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: String function: 00A2E2A8 appears 60 times |
|
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: String function: 00445975 appears 65 times |
|
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: String function: 0041171A appears 37 times |
|
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: String function: 0041718C appears 45 times |
|
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: String function: 0040E6D0 appears 35 times |
|
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.389879638.00000000000F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.389902818.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004171D1 push ecx; ret |
0_2_004171E4 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0040C15B push 00000006h; iretd |
2_2_0040C15D |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00414193 push ss; ret |
2_2_00414194 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_004159A1 push 35D13253h; ret |
2_2_004159A6 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00408A24 push esi; retf |
2_2_00408A26 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00412379 push ebx; retf |
2_2_0041238C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0040531A pushad ; ret |
2_2_0040532C |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_004033F0 push eax; ret |
2_2_004033F2 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_0041A4CE push cs; retf |
2_2_0041A4D2 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00404CAF push ebp; iretd |
2_2_00404CBC |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00411EC2 push 00000018h; ret |
2_2_00411ED8 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00404EA1 push es; ret |
2_2_00404EA2 |
Source: C:\Windows\SysWOW64\svchost.exe |
Code function: 2_2_00A2DFA1 push ecx; ret |
2_2_00A2DFB4 |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
0_2_004772DE |
Source: C:\Users\user\Desktop\Proforma Invoice_pdf.exe |
Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_004375B0 |