| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h] | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], dl | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h] | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx esi, byte ptr [eax] | 3_2_004441F0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_0044137E |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_004413D5 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 3_2_0041D5AF |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, eax | 3_2_0043A97E |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [eax+ebx*8], 7CDE1E50h | 3_2_0043A97E |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B62B8D10h | 3_2_0043A97E |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then lea edx, dword ptr [eax-80h] | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch] | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh] | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esi+04h], eax | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [eax+ebx], 30303030h | 3_2_00401000 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [eax+ebx], 20202020h | 3_2_00401000 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B62B8D10h | 3_2_0043B170 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+5A603547h] | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], dl | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [ecx+eax-24F86745h] | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edx, ecx | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp edx | 3_2_004431D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_004431D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-7DC9E524h] | 3_2_004241E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp edx | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp edx | 3_2_004432C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_004432C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [eax+ebx], 00000030h | 3_2_004012D5 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, ebx | 3_2_00421333 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx esi, byte ptr [eax] | 3_2_00444380 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp edx | 3_2_004433B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_004433B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 3_2_0042E400 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [esi+ecx+0000009Ch] | 3_2_0042F4DD |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax+068F7B6Bh] | 3_2_0042F4DD |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esi+04h], eax | 3_2_0042F4DD |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_0042F4DD |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebx, eax | 3_2_0040D500 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [ebx], ax | 3_2_0041F510 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0041F510 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-67BC38F0h] | 3_2_00441648 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 3_2_0043C6D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0041C6E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+52B71DE2h] | 3_2_00441720 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_00443720 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx eax, byte ptr [esp+ebx-09A22FB6h] | 3_2_0043F7E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_0042E870 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [edi+ebx] | 3_2_00405820 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0041C8CE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, eax | 3_2_0040E8D6 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [edx+esi] | 3_2_0040C960 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, eax | 3_2_0040E996 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 3_2_0042AA40 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+1817620Ch] | 3_2_0042AA60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0042CA72 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0042CA72 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+2BB126CDh] | 3_2_0043FAD0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, edx | 3_2_00421B40 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_0042AC04 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, esi | 3_2_0041ECDE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00437CA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_0042DE70 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esp+3Ch], 595A5B84h | 3_2_00440E3A |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, dword ptr [esp+54h] | 3_2_0042CEDA |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp edx | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then xor byte ptr [ecx+ebx], bl | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 3_2_00425F00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edi, word ptr [edx] | 3_2_00428F00 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
| Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| Source: file.exe, 00000003.00000003.2131010744.000000000388F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: file.exe, 00000003.00000003.2165424961.00000000013B0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/ |
| Source: file.exe, 00000003.00000002.2192697514.0000000001316000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2172599012.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/api |
| Source: file.exe, 00000003.00000003.2172599012.0000000001395000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/apiDw |
| Source: file.exe, 00000003.00000003.2118075950.000000000138D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2130598412.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/apiY |
| Source: file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/apil |
| Source: file.exe, 00000003.00000003.2130598412.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/c |
| Source: file.exe, 00000003.00000002.2192897295.000000000139C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2172599012.0000000001395000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/e |
| Source: file.exe, 00000003.00000002.2192897295.000000000139C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2192697514.0000000001316000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/pi |
| Source: file.exe, 00000003.00000002.2192897295.000000000139C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/piDw |
| Source: file.exe, 00000003.00000003.2172599012.0000000001395000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/tw |
| Source: file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site/zo |
| Source: file.exe, 00000003.00000003.2117769016.0000000003865000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2117686465.000000000386C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site:443/api |
| Source: file.exe, 00000003.00000003.2172599012.0000000001395000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2150304942.000000000139C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2130598412.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://forbidstow.site:443/apil |
| Source: file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 |
| Source: file.exe, 00000003.00000003.2148108007.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2147992648.000000000138D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
| Source: file.exe, 00000003.00000003.2102801748.000000000389B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102843367.0000000003898000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000003.00000003.2102957593.0000000003898000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
| Source: file.exe, 00000003.00000003.2132206149.0000000003985000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA20B0 | 0_2_00BA20B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA1000 | 0_2_00BA1000 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA3260 | 0_2_00BA3260 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA6390 | 0_2_00BA6390 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB2590 | 0_2_00BB2590 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBD0B0 | 0_2_00BBD0B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAA8E0 | 0_2_00BAA8E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BC70E0 | 0_2_00BC70E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB0030 | 0_2_00BB0030 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBE020 | 0_2_00BBE020 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BD9006 | 0_2_00BD9006 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB6070 | 0_2_00BB6070 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BCC870 | 0_2_00BCC870 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAE1C0 | 0_2_00BAE1C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAD170 | 0_2_00BAD170 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA6970 | 0_2_00BA6970 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAB950 | 0_2_00BAB950 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB1150 | 0_2_00BB1150 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB7AA0 | 0_2_00BB7AA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA92E0 | 0_2_00BA92E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBD2E0 | 0_2_00BBD2E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA92D0 | 0_2_00BA92D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAC2C0 | 0_2_00BAC2C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBDA30 | 0_2_00BBDA30 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAA220 | 0_2_00BAA220 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB5250 | 0_2_00BB5250 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BDB242 | 0_2_00BDB242 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA8B90 | 0_2_00BA8B90 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BADB80 | 0_2_00BADB80 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB73E0 | 0_2_00BB73E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAF3D0 | 0_2_00BAF3D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA9BC0 | 0_2_00BA9BC0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAACB0 | 0_2_00BAACB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBB4E0 | 0_2_00BBB4E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BC5CE1 | 0_2_00BC5CE1 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA84C0 | 0_2_00BA84C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA4410 | 0_2_00BA4410 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA7C00 | 0_2_00BA7C00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BCE449 | 0_2_00BCE449 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB85A0 | 0_2_00BB85A0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBCD60 | 0_2_00BBCD60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA7E00 | 0_2_00BA7E00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAE640 | 0_2_00BAE640 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BAF7B0 | 0_2_00BAF7B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BA97A0 | 0_2_00BA97A0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBBFA0 | 0_2_00BBBFA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB57C0 | 0_2_00BB57C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBAF10 | 0_2_00BBAF10 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB6F50 | 0_2_00BB6F50 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BB4F40 | 0_2_00BB4F40 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004100C5 | 3_2_004100C5 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042509D | 3_2_0042509D |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00410130 | 3_2_00410130 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0043A2E0 | 3_2_0043A2E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0041D5AF | 3_2_0041D5AF |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00444620 | 3_2_00444620 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042A6D0 | 3_2_0042A6D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00426800 | 3_2_00426800 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040F970 | 3_2_0040F970 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0043A97E | 3_2_0043A97E |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042EB60 | 3_2_0042EB60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00401000 | 3_2_00401000 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00410118 | 3_2_00410118 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004431D0 | 3_2_004431D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004331DE | 3_2_004331DE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004291E0 | 3_2_004291E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004241E0 | 3_2_004241E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00442EB0 | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040F250 | 3_2_0040F250 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040B260 | 3_2_0040B260 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040A270 | 3_2_0040A270 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0043E230 | 3_2_0043E230 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004432C0 | 3_2_004432C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004012D5 | 3_2_004012D5 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0041E298 | 3_2_0041E298 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00408340 | 3_2_00408340 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00401328 | 3_2_00401328 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042C3E0 | 3_2_0042C3E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00442380 | 3_2_00442380 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004433B0 | 3_2_004433B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042F4DD | 3_2_0042F4DD |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00429494 | 3_2_00429494 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004094BF | 3_2_004094BF |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0041F510 | 3_2_0041F510 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004255A4 | 3_2_004255A4 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004335B0 | 3_2_004335B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042D642 | 3_2_0042D642 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042762D | 3_2_0042762D |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004386FE | 3_2_004386FE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004226A0 | 3_2_004226A0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042762D | 3_2_0042762D |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040D760 | 3_2_0040D760 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00441720 | 3_2_00441720 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00443720 | 3_2_00443720 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040A730 | 3_2_0040A730 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00429494 | 3_2_00429494 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042B7D9 | 3_2_0042B7D9 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042B7FE | 3_2_0042B7FE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00442850 | 3_2_00442850 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0041482A | 3_2_0041482A |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_004038E0 | 3_2_004038E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00439940 | 3_2_00439940 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00407960 | 3_2_00407960 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00444920 | 3_2_00444920 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00431980 | 3_2_00431980 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042AA40 | 3_2_0042AA40 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042CA72 | 3_2_0042CA72 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00420A24 | 3_2_00420A24 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00421B40 | 3_2_00421B40 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040DB20 | 3_2_0040DB20 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00415BD8 | 3_2_00415BD8 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00439BA0 | 3_2_00439BA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00414BBF | 3_2_00414BBF |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00444C50 | 3_2_00444C50 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00434C60 | 3_2_00434C60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042AC04 | 3_2_0042AC04 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0043EC20 | 3_2_0043EC20 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040ECC0 | 3_2_0040ECC0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00427CD2 | 3_2_00427CD2 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0041ECDE | 3_2_0041ECDE |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040BD70 | 3_2_0040BD70 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00429D00 | 3_2_00429D00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0040ADD0 | 3_2_0040ADD0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00432D80 | 3_2_00432D80 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00408DA0 | 3_2_00408DA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00422E50 | 3_2_00422E50 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00416E10 | 3_2_00416E10 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_0042BE10 | 3_2_0042BE10 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00442EB0 | 3_2_00442EB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00406F60 | 3_2_00406F60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00428F00 | 3_2_00428F00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00408DA0 | 3_2_00408DA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00426F82 | 3_2_00426F82 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00434F80 | 3_2_00434F80 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00441F80 | 3_2_00441F80 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00409F9C | 3_2_00409F9C |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00404FA0 | 3_2_00404FA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00409FA8 | 3_2_00409FA8 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA20B0 | 3_2_00BA20B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBD0B0 | 3_2_00BBD0B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAA8E0 | 3_2_00BAA8E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BC70E0 | 3_2_00BC70E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB0030 | 3_2_00BB0030 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBE020 | 3_2_00BBE020 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA1000 | 3_2_00BA1000 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BD9006 | 3_2_00BD9006 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB6070 | 3_2_00BB6070 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BCC870 | 3_2_00BCC870 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAE1C0 | 3_2_00BAE1C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAD170 | 3_2_00BAD170 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA6970 | 3_2_00BA6970 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAB950 | 3_2_00BAB950 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB1150 | 3_2_00BB1150 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB7AA0 | 3_2_00BB7AA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA92E0 | 3_2_00BA92E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBD2E0 | 3_2_00BBD2E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA92D0 | 3_2_00BA92D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAC2C0 | 3_2_00BAC2C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBDA30 | 3_2_00BBDA30 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAA220 | 3_2_00BAA220 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA3260 | 3_2_00BA3260 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB5250 | 3_2_00BB5250 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BDB242 | 3_2_00BDB242 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA8B90 | 3_2_00BA8B90 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA6390 | 3_2_00BA6390 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BADB80 | 3_2_00BADB80 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB73E0 | 3_2_00BB73E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAF3D0 | 3_2_00BAF3D0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA9BC0 | 3_2_00BA9BC0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAACB0 | 3_2_00BAACB0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBB4E0 | 3_2_00BBB4E0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BC5CE1 | 3_2_00BC5CE1 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA84C0 | 3_2_00BA84C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA4410 | 3_2_00BA4410 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA7C00 | 3_2_00BA7C00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BCE449 | 3_2_00BCE449 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB85A0 | 3_2_00BB85A0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB2590 | 3_2_00BB2590 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBCD60 | 3_2_00BBCD60 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA7E00 | 3_2_00BA7E00 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAE640 | 3_2_00BAE640 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BAF7B0 | 3_2_00BAF7B0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BA97A0 | 3_2_00BA97A0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBBFA0 | 3_2_00BBBFA0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB57C0 | 3_2_00BB57C0 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BBAF10 | 3_2_00BBAF10 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB6F50 | 3_2_00BB6F50 |
| Source: C:\Users\user\Desktop\file.exe | Code function: 3_2_00BB4F40 | 3_2_00BB4F40 |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: wbemcomn.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118357083.00000000038B6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: file.exe, 00000003.00000002.2192697514.0000000001316000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
| Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118357083.00000000038B6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: YNVMware |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1 |
| Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
| Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
| Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware PCI VMCI Bus Device |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware VMCI Bus Device |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual RAM |
| Source: Amcache.hve.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc. |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@ |
| Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
| Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
| Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin` |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
| Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
| Source: file.exe, 00000003.00000002.2192697514.00000000012EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@ |
| Source: file.exe, 00000003.00000003.2118424044.00000000038A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_00BD508B |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 0_2_00BD5191 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 0_2_00BD4926 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 0_2_00BD095F |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 0_2_00BD4B77 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 0_2_00BD4C12 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 0_2_00BD0464 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 0_2_00BD4EC4 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 0_2_00BD4E65 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 0_2_00BD4F99 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 0_2_00BD4FE4 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 3_2_00BD508B |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 3_2_00BD5191 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 3_2_00BD4926 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 3_2_00BD095F |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 3_2_00BD4B77 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 3_2_00BD4C12 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 3_2_00BD0464 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 3_2_00BD4EC4 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 3_2_00BD4E65 |
| Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, | 3_2_00BD4F99 |
| Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, | 3_2_00BD4FE4 |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Edit tour
file.exe (PID: 2516 cmdline: 
conhost.exe (PID: 6800 cmdline: 
WerFault.exe (PID: 3688 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node