Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree, |
12_2_00409540 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_004155A0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA, |
12_2_004155A0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree, |
12_2_00406C10 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
12_2_004094A0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat, |
12_2_0040BF90 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_658B6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
12_2_658B6C80 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt, |
12_2_65A525B0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A044C0 PK11_PubEncrypt, |
12_2_65A044C0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_659D4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free, |
12_2_659D4420 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A04440 PK11_PrivDecrypt, |
12_2_65A04440 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A2A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError, |
12_2_65A2A730 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_659EE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free, |
12_2_659EE6E0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_659E8670 PK11_ExportEncryptedPrivKeyInfo, |
12_2_659E8670 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A0A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext, |
12_2_65A0A650 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A30180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util, |
12_2_65A30180 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_65A043B0 PK11_PubEncryptPKCS1,PR_SetError, |
12_2_65A043B0 |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\symbols\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mozglue.pdbP source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp |
Source: |
Binary string: nss3.pdb@ source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp |
Source: |
Binary string: Instrumental.pdb]9 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\Instrumental.pdbpdbtal.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006594000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: \Documents\VS Projects\XFilePumper\obj\Release\XFilePumper.pdb source: i1crvbOZAP.exe, 00000000.00000003.1765747947.0000029626040000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: e[C9C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: usymbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: Age does not matchThe module age and .pdb age do not match. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: mC:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: symsrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Instrumental.pdbmental.pdbpdbtal.pdbtrumental.pdbp source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Instrumental.pdbUTdd source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mozglue.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp |
Source: |
Binary string: \??\C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.PDB4< source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Instrumental.pdb source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.PDB source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A60000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: symbols\exe\Instrumental.pdb) source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: \??\C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF64926D000.00000040.00000001.01000000.00000003.sdmp |
Source: |
Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: ''.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp |
Source: |
Binary string: \??\C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.PDB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: symsrv.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: EfiGuardDxe.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: C:\zugi\ranadafigoh\n.pdb source: i1crvbOZAP.exe, 00000000.00000003.1682502618.0000029625C4C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000000.1839020396.0000000000410000.00000002.00000001.01000000.0000000A.sdmp |
Source: |
Binary string: Signature does not matchThe module signature does not match with .pdb signature source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: \??\C:\Windows\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dbghelp.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Immovables.pdb source: i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: dbghelp.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: \??\C:\Windows\Immovables.pdb(prq source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Loader.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: C:\Windows\Immovables.pdbpdbles.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Instrumental.pdb2 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mC:\Users\user\Documents\SimpleAdobe\Instrumental.pdbdA source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: EfiGuardDxe.pdb7 source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\xekuwaziga-duwegoku-xiwefoya\51\ke.pdb source: i1crvbOZAP.exe, 00000000.00000003.1702717873.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695276080.0000029626011000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C7D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C84000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701959181.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1698528144.0000029626043000.00000004.00000020.00020000.00000000.sdmp, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000000.1839069836.0000000000410000.00000002.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000000.1839093609.0000000000410000.00000002.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: m4C:\Windows\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: Immovables.pdbH source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdbyL source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp |
Source: |
Binary string: Immovables.pdbB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: \??\C:\Windows\Immovables.pdb\ source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@0 source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Drive not readyThis error indicates a .pdb file related failure. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: m8C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: Unable to locate the .pdb file in this location source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Source: |
Binary string: \??\C:\Windows\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbcu source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: The module signature does not match with .pdb signature. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: .pdb.dbg source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: symbols\exe\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp |
Binary string: '(EfiGuardDxe.pdbx source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@` source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp |
Binary string: )).pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: or you do not have access permission to the .pdb location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: \??\C:\Windows\Immovables.pdbb5[ source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp |
Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbizS source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp |
Binary string: nss3.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp |
Binary string: m.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp |
Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.00000000064C6000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006651000.00000004.00000800.00020000.00000000.sdmp |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
12_2_00412570 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
12_2_0040D1C0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
12_2_004015C0 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, |
12_2_00411650 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, |
12_2_0040B610 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, |
12_2_0040DB60 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
12_2_00411B80 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
12_2_0040D540 |
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe |
Code function: 12_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen, |
12_2_004121F0 |
Source: Traffic |
Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49731 -> 46.226.167.187:80 |
Source: Traffic |
Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49802 -> 46.226.167.187:80 |
Source: Traffic |
Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49803 -> 46.226.167.187:80 |
Source: Traffic |
Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:49807 -> 185.172.128.26:80 |
Source: Traffic |
Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:49807 -> 185.172.128.26:80 |
Source: Traffic |
Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:49807 -> 185.172.128.26:80 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.65.117:50500 -> 192.168.2.4:49814 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.67:50500 -> 192.168.2.4:49815 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.65.117:50500 -> 192.168.2.4:49817 |
Source: Traffic |
Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49814 -> 5.42.65.117:50500 |
Source: Traffic |
Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49819 -> 5.42.65.0:29587 |
Source: Traffic |
Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49819 -> 5.42.65.0:29587 |
Source: Traffic |
Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 5.42.65.0:29587 -> 192.168.2.4:49819 |
Source: Traffic |
Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49814 -> 5.42.65.117:50500 |
Source: Traffic |
Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49815 -> 193.233.132.67:50500 |
Source: Traffic |
Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49817 -> 5.42.65.117:50500 |
Source: Traffic |
Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 5.42.65.0:29587 -> 192.168.2.4:49819 |
Source: Traffic |
Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.67:50500 -> 192.168.2.4:49815 |
Source: Traffic |
Snort IDS: 2046268 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) 192.168.2.4:49815 -> 193.233.132.67:50500 |
Source: Traffic |
Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49857 -> 193.233.132.56:80 |
Source: Traffic |
Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 193.233.132.56:80 -> 192.168.2.4:49857 |
Source: Traffic |
Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.4:49857 -> 193.233.132.56:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49862 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49863 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49864 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.74:58709 -> 192.168.2.4:49863 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49866 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49870 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49871 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49872 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49874 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49875 -> 37.255.238.137:80 |
Source: Traffic |
Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49863 -> 193.233.132.74:58709 |
Source: Traffic |
Snort IDS: 2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) 192.168.2.4:49876 -> 193.233.132.56:80 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49881 |
Source: Traffic |
Snort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.4:49882 -> 193.233.132.56:80 |
Source: Traffic |
Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49891 |