Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe
Analysis ID: 1391082
MD5: 11a2a91d1b8c9b3b0784d70a78f2da6f
SHA1: 5ecb42524c51dea5e2377419f77c25ed8fedf0b2
SHA256: a57a3b08bfb8aec37a412a829baf276ce0dd2782927ccc925f4509c97680ea73
Tags: exe
Infos:

Detection

Amadey, RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
Yara detected RisePro Stealer
Binary is likely a compiled AutoIt script file
Creates multiple autostart registry keys
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
PE file has nameless sections
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

barindex
Source: http://185.215.113.46/mine/plaza.exe0v Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exej Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/well.exemania Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/fu.exef Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/niks.exeeidi2JNoqCa0s9_1 Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exe86 Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exeb Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exeuu Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/well.exe Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/fu.exe Avira URL Cloud: Label: malware
Source: http://185.215.113.46/ Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exe3 Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exeA Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/amert.exeg Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/amert.exeS Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exenu Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exeT Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exeb Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exe17_ Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exe Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/ladas.exev Avira URL Cloud: Label: malware
Source: http://185.215.113.46/cost/fu.exert Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exe7 Avira URL Cloud: Label: malware
Source: http://185.215.113.46/mine/plaza.exe6 Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\ProgramData\MPGPH131\MPGPH131.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\fu[1].exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\fu[1].exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\ladas[1].exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\plaza[1].exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\ladas[1].exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\plaza[1].exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\well[1].exe ReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\fu[1].exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\ladas[1].exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\plaza[1].exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\well[1].exe ReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\heidi2JNoqCa0s9_1\6EzL3hHTS7jbM2Oz3y4V.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\heidi2JNoqCa0s9_1\8PXzAAoEBuHCTzP4RBWU.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\heidi2JNoqCa0s9_1\WWQdc6vczGf1JWs0hh6W.exe ReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Local\Temp\heidi2JNoqCa0s9_1\zFHlx6IqQx3xR1F02yH2.exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\3rOLtV34Ut0fTkzynGHi.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\IDzOFuKIaHRpmM4TfCyF.exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\KxZFCNaRhrDevdKhe6iU.exe ReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\jQVZ0AI5Ls1YopKhCBc3.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\heidiOZ8O8BClDfN5\BzN7a4ewVcXrTgzQjQz2.exe ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\heidiOZ8O8BClDfN5\HaJpYvk8t0RJ45fl1Ifn.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\heidiOZ8O8BClDfN5\HhXfzERnI4EYVEjNyANc.exe ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe Joe Sandbox ML: detected
Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe Joe Sandbox ML: detected
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A5FE20 CryptUnprotectData,CryptUnprotectData, 0_2_00A5FE20
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002BFE20 CryptUnprotectData,CryptUnprotectData, 6_2_002BFE20
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A4C000 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock, 0_2_00A4C000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B1B005 recv,FindFirstFileExW, 0_2_00B1B005
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002AC000 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock, 6_2_002AC000
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0037B005 recv,FindFirstFileExW, 6_2_0037B005
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File opened: C:\Users\user\Documents\desktop.ini
Source: firefox.exe Memory has grown: Private usage: 1MB later: 96MB
Source: Joe Sandbox View IP Address: 13.107.6.158 13.107.6.158
Source: Joe Sandbox View IP Address: 204.79.197.200 204.79.197.200
Source: Joe Sandbox View IP Address: 185.215.113.46 185.215.113.46
Source: Joe Sandbox View IP Address: 185.215.113.46 185.215.113.46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B1B005 recv,FindFirstFileExW, 0_2_00B1B005
Source: firefox.exe, 00000028.00000002.1887962885.00000298B6900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com( equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2525501401.0000020021E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2479090169.0000020021E76000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000024.00000002.1760940686.000001DF1A570000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2513312990.000002001F9EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2537031544.000002001F9EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .S........[tlsflags0x00000000]www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.1773334428.00000231DDDA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 0`0https://www.youtube.com --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000024.00000003.1759456164.000001DF1A58C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000024.00000002.1760940686.000001DF1A591000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 7n7https://www.facebook.com/video --attempting-deelevationUser equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2399662965.00000200212EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2394735009.00000200212EB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8e=nssBadCert&u=https%3A//www.youtube.com/&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2530333761.00000200212EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2506437316.00000200212EB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8e=nssBadCert&u=https%3A//www.youtube.com/&c=UTF-8&d=%20@ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2529018882.000002002197A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8http://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2545471085.000002001BC3A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2549293313.000002001B95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2559211831.000002001B82A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2530333761.00000200212D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538913962.000002001F5C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538913962.000002001F5D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2529410708.0000020021573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2511786855.0000020020E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2505263719.0000020021573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2549293313.000002001B95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2525501401.0000020021E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2479090169.0000020021E76000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/p equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: :https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2447950789.0000020017D8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @mozilla.org/network/background-file-saver;1?mode=streamlistenerhttp://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.1887962885.00000298B6900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.facebook.com/video--attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000024.00000002.1760940686.000001DF1A570000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.facebook.com/videoSh equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000024.00000002.1760940686.000001DF1A570000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/videoC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\DefaultQh equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Defaultl equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.1887962885.00000298B6900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: O^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2440457824.0000020021579000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.0000020021573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2398315807.0000020021579000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Qmoz-nullprincipal:{5b8e26e2-dc46-4106-a8b1-d605d72fda69}?https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2448027886.0000020017D80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.0000020021573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2530333761.00000200212EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2399662965.00000200212EB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: e=nssBadCert&u=https%3A//www.youtube.com/&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2529018882.000002002197A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2277907438.000002001A8F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2545471085.000002001BC3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2549293313.000002001B95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2559211831.000002001B82A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2530333761.00000200212D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538913962.000002001F5C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538913962.000002001F5D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021E95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021E94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2012410394.0000020019B77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021E95000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2549293313.000002001B95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2503321768.00000200215B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.00000200215B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2398315807.00000200215B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000024.00000003.1759456164.000001DF1A58C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000024.00000002.1760940686.000001DF1A591000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s://www.facebook.com/video --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s://www.youtube.com --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2519173933.000002001BFDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2510716950.0000020020EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2535123302.0000020020EB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: tlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2538913962.000002001F5D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2515891721.000002001F5D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538913962.000002001F5E6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2540139218.000002001F5A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021E95000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2535743839.0000020020E99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2511786855.0000020020E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.comp equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2408780882.000002001F973000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.comtags________ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2513312990.000002001F9EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2537031544.000002001F9EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x.S........[tlsflags0x00000000]www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xO^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.0000020021573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2491387296.0000020021E36000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2545471085.000002001BC3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2558878982.000002001B83D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.2278212608.000002001A8EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2278212608.000002001A8EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2503321768.00000200215B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.00000200215B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2398315807.00000200215B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xhttps://www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2510716950.0000020020EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2535123302.0000020020EB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: xtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1661731813.0000000006643000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1650239381.0000000006643000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1652691922.0000000006643000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exe
Source: MPGPH131.exe, 00000006.00000003.2735491573.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2608514599.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exe(
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exe)
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CE9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2626712828.0000000005CE9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exef
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exeger
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1650239381.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1661731813.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1652691922.0000000006631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/fu.exert
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe12
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe13
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe17_
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe3
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe3F
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe83u
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe86
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exe9x
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exeA
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000002.2086346307.00000000014FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exeS1
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exeT
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exeb
Source: MPGPH131.exe, 00000007.00000002.2626712828.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exehvpd
Source: MPGPH131.exe, 00000006.00000003.2735491573.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exet
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1950118970.0000000006643000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/ladas.exev
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/niks.exe
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/niks.exed2
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CE9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/niks.exeeidi2JNoqCa0s9_1
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/well.exe
Source: MPGPH131.exe, 00000007.00000002.2626712828.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/well.exe1a
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/well.exeN2
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/cost/well.exemania
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/amert.exe
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/amert.exeS
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/amert.exeau
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/amert.exeg
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe0v
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe13
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe1rv
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe6
Source: MPGPH131.exe, 00000006.00000003.2735491573.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2608514599.0000000000D7E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe7
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe8
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe81
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe85kuue
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe86
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exe9
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2626712828.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exeVube
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exeb
Source: MPGPH131.exe, 00000006.00000003.2735773869.00000000061A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exej
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exeman2
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exenu
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CE9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exesive.dll
Source: MPGPH131.exe, 00000007.00000003.2341146026.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.46/mine/plaza.exeuu
Source: firefox.exe, 00000027.00000003.2505263719.0000020021573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://accounts.google.com/
Source: firefox.exe, 00000027.00000003.2553308884.000002001B884000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000027.00000003.2553308884.000002001B884000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: firefox.exe, 00000027.00000003.2542777005.000002001BCCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl0
Source: firefox.exe, 00000027.00000003.2441089239.00000200212F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000027.00000003.2008257223.0000020019C8E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000027.00000003.1949619169.0000020019DC9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000027.00000003.2008257223.0000020019C8E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000027.00000003.2008257223.0000020019C8E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000027.00000003.2552897577.000002001B90D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000027.00000003.2278677697.000002001A854000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2355399254.00000200176F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1901938072.00000200176C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2094149182.00000200176EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1905616144.00000200176AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2278677697.000002001A883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2214423557.000002001A89A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2345662599.00000200176A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2026712725.00000200176AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1905616144.00000200176C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2094149182.00000200176DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2549293313.000002001B937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2077496755.0000020017691000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2298448290.000002001739A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1905553662.00000200176F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1899966098.00000200176D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2024819623.00000200176EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1899211633.00000200176D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2281683178.0000020019DC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1993999431.000002001A883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1991165924.000002001A8AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.pki.goog
Source: firefox.exe, 00000027.00000003.2542777005.000002001BCCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.pki.goog/gsr10)
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000027.00000003.2542777005.000002001BCCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000027.00000003.2545987773.000002001BC15000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2531685400.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000027.00000003.2513312990.000002001F9A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2515159317.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2535743839.0000020020E99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2538696647.000002001F924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2537031544.000002001F9A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2511786855.0000020020E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org
Source: firefox.exe, 00000027.00000003.2535743839.0000020020E99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2511786855.0000020020E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org/
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2545987773.000002001BC15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2531685400.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000002E.00000003.2739730282.0000026D26D18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000029.00000003.2674811397.000002880C48E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2668913323.000002880C48E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2647414793.000002880C48B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2689777330.000002880C48E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2692565844.000002880C48E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000029.00000003.2674811397.000002880C48E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2668913323.000002880C48E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2647414793.000002880C48B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersl-n
Source: firefox.exe, 0000002E.00000003.2744790050.0000026D26D19000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002E.00000003.2739730282.0000026D26D18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comTTF
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000002E.00000003.2098306180.0000026D26FBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002E.00000003.2032879779.0000026D26FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002E.00000003.2553038918.0000026D26FCB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000029.00000003.2026050058.000002880BFB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul4e
Source: firefox.exe, 00000029.00000003.2026050058.000002880BFB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulQj
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000002.2076238508.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1484666355.0000000005340000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1532755673.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2765452640.00000000002A1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.1533495347.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2549739564.00000000002A1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1636124507.0000000005320000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1887520841.00000000008C1000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000003.1843238183.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2088902875.00000000008C1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: firefox.exe, 00000027.00000003.2447950789.0000020017D8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com
Source: firefox.exe, 00000027.00000003.2529018882.000002002197A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2545471085.000002001BC3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2531685400.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000027.00000003.2507147692.0000020021289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2545471085.000002001BC3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2531685400.0000020021289000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000027.00000003.2553308884.000002001B8D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000027.00000003.1883235512.0000020017300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888767017.000002001753A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889124800.0000020017557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889563330.0000020017573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638857933.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1608053754.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1598861889.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638775970.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1637417280.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1597873882.0000000000D79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000027.00000003.2559211831.000002001B820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1989729068.000002001A8E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000027.00000003.2503321768.00000200215D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2529410708.00000200215D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2398315807.00000200215D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2440457824.00000200215D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000002C.00000002.1926569196.000001DEAF620000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: firefox.exe, 0000002C.00000002.1926569196.000001DEAF620000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com--attempting-deelevation
Source: firefox.exe, 00000027.00000003.2511786855.0000020020E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: firefox.exe, 00000027.00000003.2546355697.000002001B98C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2511786855.0000020020E88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2461439392.00000200219F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2495701203.00000200219F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/https://accounts.google.com/
Source: jQVZ0AI5Ls1YopKhCBc3.exe, 0000000B.00000002.2765450458.00000000001F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000025.00000002.1816315056.000001CAC95D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.comC:
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2239968674.00000200159DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2447950789.0000020017D8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpihttps://addon
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed(browserSetting
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushedLe
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956(browserSetting
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1707763558474.12791&key=1707763558400900
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1707763558474.12791&key=1707763558400900002.1&cta
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638857933.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1608053754.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1598861889.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638775970.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1637417280.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1597873882.0000000000D79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638857933.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1608053754.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1598861889.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638775970.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1637417280.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1597873882.0000000000D79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638857933.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1608053754.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1598861889.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638775970.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1637417280.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1597873882.0000000000D79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000027.00000003.1883235512.0000020017300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888767017.000002001753A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889124800.0000020017557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889563330.0000020017573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgThi
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/Itd_9Uful1tVwaV4hW73oqSvUYC6Gf8RNa3yg9HsqRE.3951.jpg
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgA
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000027.00000003.2558878982.000002001B83D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000027.00000003.2403028281.000002001F828000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2416872043.000002001F823000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000027.00000003.2401787867.000002001BEE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2412407578.000002001BEB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000029.00000003.2031086545.000002880BBBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000027.00000003.2440457824.00000200215B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000027.00000003.2545471085.000002001BC2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000027.00000003.2383860555.000002002136F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000027.00000003.2383860555.000002002136F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000027.00000003.1883235512.0000020017300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888767017.000002001753A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889124800.0000020017557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889563330.0000020017573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com
Source: firefox.exe, 00000027.00000003.2513312990.000002001F9A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2537031544.000002001F9A2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: firefox.exe, 00000029.00000003.2031086545.000002880BBBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Zbr4ZHZ4CDa4pbW1CbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/
Source: RageMP131.exe, 00000014.00000002.2099369510.00000000013E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/Fi
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000002.2076238508.0000000000A41000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1484666355.0000000005340000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1532755673.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2765452640.00000000002A1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.1533495347.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2549739564.00000000002A1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1636124507.0000000005320000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1887520841.00000000008C1000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000003.1843238183.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2088902875.00000000008C1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000154F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/i
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000150E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/s
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2560943444.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1939358806.000000000154F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2099369510.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/widget/demo/81.181.57.74
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000154F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/widget/demo/81.181.57.74k
Source: RageMP131.exe, 00000014.00000002.2099369510.00000000013E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/widget/demo/81.181.57.74n
Source: RageMP131.exe, 00000014.00000002.2099369510.00000000013E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.57.74
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000156C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.57.74P
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.57.74X9
Source: firefox.exe, 00000027.00000003.2549293313.000002001B937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schemaresource://gre/modules/JsonSchema.sys.mjs
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000027.00000003.2513312990.000002001F996000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2020-12/schemaInstance
Source: firefox.exe, 00000027.00000003.2559211831.000002001B820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1989729068.000002001A8E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000027.00000003.2559211831.000002001B820000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1989729068.000002001A8E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2240336859.00000200159C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2047286420.0000020016D30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1893048353.0000020016D33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2271612586.0000020016D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000027.00000003.2240336859.0000020015989000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000027.00000003.2240336859.00000200159C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://screenshots.firefox.compd
Source: firefox.exe, 00000027.00000003.2440457824.00000200215B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000027.00000003.2507147692.00000200212A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000027.00000003.2491387296.0000020021E48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2501812741.0000020021912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2240336859.00000200159C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000027.00000003.2401787867.000002001BEE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2412407578.000002001BEB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000027.00000003.2401787867.000002001BEE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2412407578.000002001BEB5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000027.00000003.1952540052.0000020019CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2115706194.0000020019CEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2008257223.0000020019CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2228321706.0000020019CEE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000027.00000003.2277107716.000002001AECB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: RageMP131.exe, 00000008.00000002.1939358806.000000000150E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/RiseProSUPPORT
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/risepro_bot
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/risepro_botRomaniaG2
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/risepro_botY2
Source: RageMP131.exe, 00000014.00000002.2099369510.0000000001441000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/risepro_botisepro_bot
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2F5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net
Source: firefox.exe, 00000027.00000003.2529018882.000002002197A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/ads-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/content-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2538913962.000002001F5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/mozplugin-block-digest256/1604686195
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/social-track-digest256/118.0/1693227274
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/118.0/1693
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/118.0/1693
Source: firefox.exe, 00000027.00000003.2546355697.000002001B9F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/118.0/16932
Source: firefox.exe, 00000027.00000003.2240336859.00000200159A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2240336859.00000200159C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000027.00000003.2507147692.00000200212A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000027.00000003.2507147692.00000200212A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000027.00000003.2540139218.000002001F5A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2461439392.00000200219F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2515891721.000002001F5A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2495701203.00000200219F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_da35efdf7fb6b20d4be6a53f3a5c7579d215346ca6420c02
Source: firefox.exe, 00000027.00000003.1911985701.00000200139B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000027.00000003.2520526652.000002001F600000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000027.00000003.2560000631.000002001B2DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ebay.de/
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638857933.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1608053754.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1598861889.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1638775970.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1637417280.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1597873882.0000000000D79000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2461439392.00000200219F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2495701203.00000200219F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2512492000.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 00000027.00000003.2532168987.000002002126D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000027.00000003.2288146106.0000020016D26000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000027.00000003.1883235512.0000020017300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888767017.000002001753A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889124800.0000020017557000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1889563330.0000020017573000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1577933294.0000000006588000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1576093941.000000000664A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2034944261.0000000005C3F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1895410445.0000000005C4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1646223753.0000000005E68000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1651595245.0000000005C48000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061821580.0000000005C4E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1595883527.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1642307545.0000000005CDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000027.00000003.1911985701.00000200139B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.1888525532.000002001751E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000027.00000003.2475549501.0000020021EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2400510109.000002001F919000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.groupon.com/?utm_source=google&utm_medium=cpc&utm_campaign=us_dt_sea_ggl_txt_smp_sr_cbp_
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000027.00000003.2553308884.000002001B8E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2530333761.00000200212D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2501812741.0000020021912000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2506437316.00000200212D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2394735009.00000200212D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2506437316.00000200212D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2441089239.00000200212CE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000027.00000003.2549293313.000002001B937000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000027.00000003.2447868408.0000020017D94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000027.00000003.2393281421.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2475835774.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021EAA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: MPGPH131.exe, 00000007.00000002.2560943444.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/eware3
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1594912347.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1598136009.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1578119925.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1650239381.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1593050843.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1593804226.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1661731813.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1674131667.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1598652884.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1595881025.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.2041161160.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1599464044.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1592113511.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1957495064.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1590148708.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1607892653.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1597059747.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1811506898.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1607245468.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1591362920.0000000006631000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1602528714.0000000006631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000027.00000003.1952540052.0000020019CE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2008257223.0000020019CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2548874875.000002001B981000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000027.00000003.2511786855.0000020020E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000027.00000003.2552897577.000002001B906000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com(
Source: firefox.exe, 00000027.00000003.2536004477.0000020020E4B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000027.00000003.2393281421.0000020021E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2525501401.0000020021E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2479090169.0000020021E76000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2397596405.0000020021E76000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/p
Source: firefox.exe, 00000022.00000002.1772637061.00000231DC0C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.comC:
Source: firefox.exe, 00000027.00000003.1987471324.000002001B39E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000027.00000003.2532823304.00000200211D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2507147692.00000200212A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://youtube.com

System Summary

barindex
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.2039399612.0000000006E85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_e3a10f8b-7
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.2039399612.0000000006E85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_99319674-b
Source: MPGPH131.exe, 00000006.00000003.2382855663.0000000006A11000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_6c4cfffb-8
Source: MPGPH131.exe, 00000006.00000003.2382855663.0000000006A11000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_4de99616-c
Source: MPGPH131.exe, 00000007.00000003.2507254460.00000000063CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_222d6919-c
Source: MPGPH131.exe, 00000007.00000003.2507254460.00000000063CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_cbf16adc-2
Source: jQVZ0AI5Ls1YopKhCBc3.exe, 0000000B.00000000.1665997434.0000000000932000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_196ca8d9-7
Source: jQVZ0AI5Ls1YopKhCBc3.exe, 0000000B.00000000.1665997434.0000000000932000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_cde2b0cd-5
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Static PE information: section name:
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Static PE information: section name:
Source: RageMP131.exe.0.dr Static PE information: section name:
Source: RageMP131.exe.0.dr Static PE information: section name: .idata
Source: RageMP131.exe.0.dr Static PE information: section name:
Source: MPGPH131.exe.0.dr Static PE information: section name:
Source: MPGPH131.exe.0.dr Static PE information: section name: .idata
Source: MPGPH131.exe.0.dr Static PE information: section name:
Source: EdgeMS131.exe.0.dr Static PE information: section name:
Source: EdgeMS131.exe.0.dr Static PE information: section name: .idata
Source: EdgeMS131.exe.0.dr Static PE information: section name:
Source: ladas[1].exe.0.dr Static PE information: section name:
Source: ladas[1].exe.0.dr Static PE information: section name: .idata
Source: ladas[1].exe.0.dr Static PE information: section name:
Source: IDzOFuKIaHRpmM4TfCyF.exe.0.dr Static PE information: section name:
Source: IDzOFuKIaHRpmM4TfCyF.exe.0.dr Static PE information: section name: .idata
Source: IDzOFuKIaHRpmM4TfCyF.exe.0.dr Static PE information: section name:
Source: niks[1].exe.0.dr Static PE information: section name:
Source: niks[1].exe.0.dr Static PE information: section name: .idata
Source: niks[1].exe.0.dr Static PE information: section name:
Source: 4sPiYiirBc4Eg8wqN443.exe.0.dr Static PE information: section name:
Source: 4sPiYiirBc4Eg8wqN443.exe.0.dr Static PE information: section name: .idata
Source: 4sPiYiirBc4Eg8wqN443.exe.0.dr Static PE information: section name:
Source: amert[1].exe.0.dr Static PE information: section name:
Source: amert[1].exe.0.dr Static PE information: section name: .idata
Source: amert[1].exe.0.dr Static PE information: section name:
Source: dHERKKd2xGPyY5Ssqp_N.exe.0.dr Static PE information: section name:
Source: dHERKKd2xGPyY5Ssqp_N.exe.0.dr Static PE information: section name: .idata
Source: dHERKKd2xGPyY5Ssqp_N.exe.0.dr Static PE information: section name:
Source: AdobeUpdaterV131.exe.0.dr Static PE information: section name:
Source: AdobeUpdaterV131.exe.0.dr Static PE information: section name: .idata
Source: AdobeUpdaterV131.exe.0.dr Static PE information: section name:
Source: MSIUpdaterV131.exe.0.dr Static PE information: section name:
Source: MSIUpdaterV131.exe.0.dr Static PE information: section name: .idata
Source: MSIUpdaterV131.exe.0.dr Static PE information: section name:
Source: amert[1].exe.6.dr Static PE information: section name:
Source: amert[1].exe.6.dr Static PE information: section name: .idata
Source: amert[1].exe.6.dr Static PE information: section name:
Source: tkp2xLI98ZeXjg0exnoU.exe.6.dr Static PE information: section name:
Source: tkp2xLI98ZeXjg0exnoU.exe.6.dr Static PE information: section name: .idata
Source: tkp2xLI98ZeXjg0exnoU.exe.6.dr Static PE information: section name:
Source: niks[1].exe.6.dr Static PE information: section name:
Source: niks[1].exe.6.dr Static PE information: section name: .idata
Source: niks[1].exe.6.dr Static PE information: section name:
Source: r3bD9GPTMOGYxgEqy2KG.exe.6.dr Static PE information: section name:
Source: r3bD9GPTMOGYxgEqy2KG.exe.6.dr Static PE information: section name: .idata
Source: r3bD9GPTMOGYxgEqy2KG.exe.6.dr Static PE information: section name:
Source: ladas[1].exe.6.dr Static PE information: section name:
Source: ladas[1].exe.6.dr Static PE information: section name: .idata
Source: ladas[1].exe.6.dr Static PE information: section name:
Source: BzN7a4ewVcXrTgzQjQz2.exe.6.dr Static PE information: section name:
Source: BzN7a4ewVcXrTgzQjQz2.exe.6.dr Static PE information: section name: .idata
Source: BzN7a4ewVcXrTgzQjQz2.exe.6.dr Static PE information: section name:
Source: niks[1].exe.7.dr Static PE information: section name:
Source: niks[1].exe.7.dr Static PE information: section name: .idata
Source: niks[1].exe.7.dr Static PE information: section name:
Source: AqC0xzKsd_7euDTV6SA_.exe.7.dr Static PE information: section name:
Source: AqC0xzKsd_7euDTV6SA_.exe.7.dr Static PE information: section name: .idata
Source: AqC0xzKsd_7euDTV6SA_.exe.7.dr Static PE information: section name:
Source: ladas[1].exe.7.dr Static PE information: section name:
Source: ladas[1].exe.7.dr Static PE information: section name: .idata
Source: ladas[1].exe.7.dr Static PE information: section name:
Source: zFHlx6IqQx3xR1F02yH2.exe.7.dr Static PE information: section name:
Source: zFHlx6IqQx3xR1F02yH2.exe.7.dr Static PE information: section name: .idata
Source: zFHlx6IqQx3xR1F02yH2.exe.7.dr Static PE information: section name:
Source: amert[1].exe.7.dr Static PE information: section name:
Source: amert[1].exe.7.dr Static PE information: section name: .idata
Source: amert[1].exe.7.dr Static PE information: section name:
Source: 7roqVJbvngCJVdY0TyvA.exe.7.dr Static PE information: section name:
Source: 7roqVJbvngCJVdY0TyvA.exe.7.dr Static PE information: section name: .idata
Source: 7roqVJbvngCJVdY0TyvA.exe.7.dr Static PE information: section name:
Source: explorgu.exe.42.dr Static PE information: section name:
Source: explorgu.exe.42.dr Static PE information: section name: .idata
Source: explorgu.exe.42.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: plaza[1].exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: 3rOLtV34Ut0fTkzynGHi.exe.0.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: plaza[1].exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: HhXfzERnI4EYVEjNyANc.exe.6.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: plaza[1].exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: 8PXzAAoEBuHCTzP4RBWU.exe.7.dr Static PE information: section name:
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002AA400 NtQuerySystemInformation,HeapFree,RtlFreeHeap,RtlAllocateHeap,NtQuerySystemInformation,HeapFree, 6_2_002AA400
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002AA720 NtDuplicateObject,CreateThread,RtlUnicodeStringToAnsiString,TerminateThread, 6_2_002AA720
Source: C:\Users\user\AppData\Local\Temp\heidi3rWvK1xaZKPt\dHERKKd2xGPyY5Ssqp_N.exe File created: C:\Windows\Tasks\explorgu.job
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A4F000 0_2_00A4F000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A68070 0_2_00A68070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A7D840 0_2_00A7D840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A76840 0_2_00A76840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A7A9A0 0_2_00A7A9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A77900 0_2_00A77900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A6D970 0_2_00A6D970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A822B0 0_2_00A822B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A64230 0_2_00A64230
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B2922D 0_2_00B2922D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A6A260 0_2_00A6A260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A70390 0_2_00A70390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A743E0 0_2_00A743E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A70B10 0_2_00A70B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A51370 0_2_00A51370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A824F0 0_2_00A824F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B1A450 0_2_00B1A450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A65590 0_2_00A65590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A8DDF0 0_2_00A8DDF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A9CDC0 0_2_00A9CDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A50530 0_2_00A50530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A6B560 0_2_00A6B560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A93550 0_2_00A93550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A94EF0 0_2_00A94EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A62ED0 0_2_00A62ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A80600 0_2_00A80600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A92F90 0_2_00A92F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A97F20 0_2_00A97F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A78F30 0_2_00A78F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00ABF0A0 0_2_00ABF0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00ACB800 0_2_00ACB800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00AC4870 0_2_00AC4870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00ACD070 0_2_00ACD070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A42050 0_2_00A42050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00ACD9B0 0_2_00ACD9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A9A180 0_2_00A9A180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A5A100 0_2_00A5A100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A422C0 0_2_00A422C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B203A0 0_2_00B203A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B23B28 0_2_00B23B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00AC0B10 0_2_00AC0B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A4AB50 0_2_00A4AB50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00AB0420 0_2_00AB0420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00AC1590 0_2_00AC1590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A6FDC0 0_2_00A6FDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B2956F 0_2_00B2956F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00AD1EA0 0_2_00AD1EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00B3CE31 0_2_00B3CE31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: 0_2_00A4A720 0_2_00A4A720
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002C8070 6_2_002C8070
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D6840 6_2_002D6840
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D7900 6_2_002D7900
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002CD970 6_2_002CD970
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002DA9A0 6_2_002DA9A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002C4230 6_2_002C4230
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002CA260 6_2_002CA260
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D0AB0 6_2_002D0AB0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002AAB50 6_2_002AAB50
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D0390 6_2_002D0390
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D43E0 6_2_002D43E0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0037A450 6_2_0037A450
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002CB560 6_2_002CB560
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002C5590 6_2_002C5590
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002C05E0 6_2_002C05E0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002EDDF0 6_2_002EDDF0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002E0600 6_2_002E0600
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002AA720 6_2_002AA720
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002D8F30 6_2_002D8F30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002F2F90 6_2_002F2F90
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0032B800 6_2_0032B800
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_003BE004 6_2_003BE004
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00324870 6_2_00324870
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0032D070 6_2_0032D070
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_003BE074 6_2_003BE074
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002A2050 6_2_002A2050
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0031F0A0 6_2_0031F0A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002BA100 6_2_002BA100
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0032D9B0 6_2_0032D9B0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002A22C0 6_2_002A22C0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00383B28 6_2_00383B28
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00320B10 6_2_00320B10
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_003803A0 6_2_003803A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00310380 6_2_00310380
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0038956F 6_2_0038956F
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00311D40 6_2_00311D40
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00321590 6_2_00321590
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_002CFDC0 6_2_002CFDC0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00331EA0 6_2_00331EA0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 003098D0 appears 32 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Code function: String function: 00AA98D0 appears 36 times
Source: ladas[1].exe.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: IDzOFuKIaHRpmM4TfCyF.exe.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: ladas[1].exe.6.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: BzN7a4ewVcXrTgzQjQz2.exe.6.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: ladas[1].exe.7.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: zFHlx6IqQx3xR1F02yH2.exe.7.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: well[1].exe.6.dr Static PE information: No import functions for PE file found
Source: well[1].exe.6.dr Static PE information: Data appended to the last section found
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000002.2077813674.0000000000B77000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAy3Info.exe0 vs SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1512235538.00000000057DC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAy3Info.exe0 vs SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe
Source: SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe, 00000000.00000003.1511511560.00000000057D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAy3Info.exe0 vs SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.6766.29781.19786.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winmm.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wininet.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: devobj.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: webio.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: schannel.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wldp.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: profapi.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: netutils.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: propsys.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: edputil.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: slc.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: userenv.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: sppc.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winmm.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: sspicli.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winhttp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wininet.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: mswsock.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: devobj.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: webio.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: winnsi.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: schannel.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: msasn1.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: gpapi.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: vaultcli.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wintypes.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: wldp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: dpapi.dll
Source: C:\ProgramData\MPGP