Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_004540C0 CreateFileW,GetLastError,GetLastError,_wprintf,CloseHandle,GetLastError,_wprintf,CloseHandle,CryptCreateHash,CryptReleaseContext,GetLastError,_wprintf,CloseHandle,CryptReleaseContext,ReadFile,CryptHashData,GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,ReadFile,GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,CryptGetHashParam,_wprintf,GetLastError,_wprintf,CryptDestroyHash,CryptReleaseContext,CloseHandle, |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0046DEDA CryptReleaseContext,CloseHandle,GetLastError,_LocaleUpdate::_LocaleUpdate,__isleadbyte_l,__cftof,_strlen,__malloc_crt,DecodePointer,DecodePointer,DecodePointer,__aulldvrm,_write_multi_char,_write_string,_write_multi_char,__cftof,_write_string,_write_string,_write_multi_char,_free, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C28300 LoadStringW,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,LoadStringW,GetCurrentDirectoryW,_wcscpy,_wcscpy,GetTempPathW,SetCurrentDirectoryW,CreateDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,GetCurrentDirectoryW,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,__time64,__swprintf,CreateDirectoryW,GetFullPathNameW,GetFullPathNameW,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,GetCurrentDirectoryW,_wcscat,_wcscpy,_wcscpy,SetCurrentDirectoryW,RemoveDirectoryW,GetModuleFileNameW,__wsplitpath,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,__fread_nolock,_wcscpy,_wcscat,_wcscat,__swprintf,_wcscpy,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,_fseek,_fseek,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,__aulldiv,GetModuleFileNameW,GetLastError,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,GetKeyState,__swprintf,PathIsDirectoryW,_wcscpy,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,__swprintf,GetConsoleWindow,ShowWindow,SetCurrentDirectoryW,RemoveDirectoryW,_wcscpy,_wcscat,SetCurrentDirectoryW,RemoveDirectoryW,LoadStringW,GetModuleFileNameW,_wcscpy,_wcscat,WideCharToMultiByte,WideCharToMultiByte,GetLastError,SetCurrentDirectoryW,RemoveDirectoryW,LoadStringW,_wcscpy,_wcscat,_wcscat,__swprintf,_wcscpy,SetCurrentDirectoryW,_memset,_memset,__wsplitpath,_wcscpy,_wcscat,_wcscpy,GetCommandLineW,_wcscpy,__swprintf,FindFirstFileW,_wprintf,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,FindClose,__swprintf,_wcscpy,CreateProcessW,SetCurrentDirectoryW,RemoveDirectoryW, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C49722 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C2B640 __swprintf,PathIsDirectoryW,_wcscpy,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,__swprintf, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C27980 _memset,_wcscpy,__swprintf,FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW, |
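The "Code function" rows above are raw API call traces; the useful reading is the order in which recognisable API groups occur, not the individual calls. The following Python script is an added triage example, not part of the sandbox report and not InstallAnywhere code: it parses rows in the report's format and flags ordered subsequences that correspond to a CryptoAPI file-hash loop (1_2_004540C0), a stage-to-%TEMP%-and-spawn launcher (0_2_00C28300) and an enumerate-then-remove cleanup routine (0_2_00C27980). The pattern names, the ordering rules and the GetProcAddress threshold are this script's own assumptions; the sample rows are copied from the report, with 0_2_00C28300 shortened to the calls the patterns need.

```python
"""Classify Win32 API call sequences lifted from sandbox "Code function" rows.

Added triage example, not part of the sandbox report and not InstallAnywhere
code. Pattern names and ordering rules are this script's own assumptions
about what each call sequence most plausibly implements.
"""
import re
from typing import Dict, List, Tuple

# Ordered API subsequences; other calls may appear between the listed ones.
PATTERNS: Dict[str, List[str]] = {
    # CryptoAPI file-hash idiom: open file, create hash object, feed the
    # file in ReadFile chunks, then read the digest back.
    "cryptoapi_file_hash": [
        "CreateFileW", "CryptCreateHash", "ReadFile",
        "CryptHashData", "CryptGetHashParam",
    ],
    # Self-extracting launcher: stage into a temp directory, spawn the
    # payload, remove the staging directory afterwards.
    "spawn_from_temp_dir": [
        "GetTempPathW", "CreateDirectoryW", "CreateProcessW", "RemoveDirectoryW",
    ],
    # Directory walk that ends by deleting the directory (cleanup routine).
    "enumerate_and_remove_dir": [
        "FindFirstFileW", "FindNextFileW", "FindClose", "RemoveDirectoryW",
    ],
}

# A long GetProcAddress run after GetModuleHandleW, next to the CRT-internal
# __initp_misc_winsig, is consistent with MSVC CRT start-up resolving optional
# kernel32 exports, not with a packer resolving imports. Threshold is an
# assumption for this example.
CRT_GETPROCADDRESS_THRESHOLD = 10

ROW_RE = re.compile(r"Code function:\s*(\S+)\s+(.*)")


def parse_row(row: str) -> Tuple[str, List[str]]:
    """Split 'Code function: <id> A,B,C,' into ('<id>', ['A', 'B', 'C'])."""
    m = ROW_RE.search(row)
    if not m:
        raise ValueError(f"not a code-function row: {row!r}")
    func_id, calls = m.group(1), m.group(2)
    return func_id, [c for c in calls.strip(" |").split(",") if c]


def contains_ordered(seq: List[str], wanted: List[str]) -> bool:
    """True when every name in `wanted` occurs in `seq` in the given order."""
    pos = 0
    for name in wanted:
        try:
            pos = seq.index(name, pos) + 1
        except ValueError:
            return False
    return True


def classify(seq: List[str]) -> List[str]:
    """Return the pattern labels matched by one function's call sequence."""
    hits = [label for label, wanted in PATTERNS.items() if contains_ordered(seq, wanted)]
    if (seq.count("GetProcAddress") >= CRT_GETPROCADDRESS_THRESHOLD
            and "GetModuleHandleW" in seq and "__initp_misc_winsig" in seq):
        hits.append("crt_startup_getprocaddress_chain")
    return hits


def triage(rows: List[str]) -> Dict[str, List[str]]:
    """Map each function id to its matched labels."""
    return {func_id: classify(seq) for func_id, seq in map(parse_row, rows)}


# Rows copied from the report; 0_2_00C28300 is shortened to the calls that
# matter for the patterns (the original row is much longer).
SAMPLE_ROWS = [
    "Code function: 1_2_004540C0 CreateFileW,GetLastError,GetLastError,_wprintf,"
    "CloseHandle,GetLastError,_wprintf,CloseHandle,CryptCreateHash,CryptReleaseContext,"
    "GetLastError,_wprintf,CloseHandle,CryptReleaseContext,ReadFile,CryptHashData,"
    "GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,ReadFile,"
    "GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,"
    "CryptGetHashParam,_wprintf,GetLastError,_wprintf,CryptDestroyHash,"
    "CryptReleaseContext,CloseHandle,",
    "Code function: 0_2_00C27980 _memset,_wcscpy,__swprintf,FindFirstFileW,"
    "FindNextFileW,FindClose,RemoveDirectoryW,",
    "Code function: 0_2_00C28300 LoadStringW,GetTempPathW,SetCurrentDirectoryW,"
    "CreateDirectoryW,__time64,__swprintf,CreateDirectoryW,GetCommandLineW,"
    "CreateProcessW,SetCurrentDirectoryW,RemoveDirectoryW,",
    "Code function: 0_2_00C4D5C3 EncodePointer,__initp_misc_winsig,GetModuleHandleW,"
    + "GetProcAddress," * 31,
]

if __name__ == "__main__":
    for func_id, labels in triage(SAMPLE_ROWS).items():
        print(f"{func_id}: {', '.join(labels) or 'no pattern matched'}")
```

Two caveats when reading such rows. The long GetProcAddress run in 0_2_00C4D5C3 sits next to EncodePointer and __initp_misc_winsig, which are CRT start-up routine names, so the script reports it under its own label rather than as packer-style dynamic import resolution. The repeated `push cs; iretd` hits at 0_3_012547FB are the byte pair 0E CF, which a linear-sweep disassembler emits when it lands on data; on their own they are not evidence of obfuscated control flow.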
Source: Resource1.zip.0.dr |
String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://apache.org/xml/features/validation/dynamic |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://apache.org/xml/features/validation/schema |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com/jaxb/xjc/dummy-elements |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com/xml/jaxb |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com/xml/ns/jaxb |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com/xml/ns/jaxb/xjc |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://java.sun.com/xml/ns/relaxng/java-datatypes |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://jaxb.dev.java.net |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://jaxb.dev.java.net/ |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://nwalsh.com/xcatalog/1.0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://relaxng.org/ns/annotation/1.0 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://relaxng.org/ns/compatibility/annotations/1.0 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://relaxng.org/ns/compatibility/datatypes/1.0 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://relaxng.org/ns/structure/0.9 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://relaxng.org/ns/structure/1.0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://s2.symcb.com0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://sv.symcd.com0& |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.dom4j.org/ |
Source: rb7-1-3.exe, rb7-1-3.exe, 00000000.00000003.1685765191.0000000001254000.00000004.00000020.00020000.00000000.sdmp, rb7-1-3.exe, 00000000.00000002.1686351924.0000000001254000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.installanywhere.com |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.iso-relax.org/catalog |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.iso-relax.org/verifier/filter |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.iso-relax.org/verifier/handler |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.newyorkfed.org/markets/talf.html. |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.osc.gov.on.ca/Media/NewsReleases/2008/nr_20080919_csa-sup-temp-order.jsp |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sec.gov/rules/other/2008/34-58592.pdf |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/policies/trademarks. |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/xml/developers/resolver/ |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/xml/msv/schema |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/xml/msv/trex-type |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/xmlns/jaxb/dom4j-location |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.sun.com/xmlns/msv/features/panicMode |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.thaiopensource.com/trex |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.xml.gr.jp/relax/core1/relaxCore.dtd |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.xml.gr.jp/relax/namespace1/relaxNamespace.dtd |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.xml.gr.jp/xmlns/relaxCore |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://www.xml.gr.jp/xmlns/relaxNamespace |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://xml.org/sax/features/namespaces |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://xml.org/sax/features/string-interning |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://xml.org/sax/features/validation |
Source: Resource1.zip.0.dr |
String found in binary or memory: http://xml.org/sax/properties/lexical-handler |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: ZGWin32LaunchHelper.exe.0.dr, remove.exe.0.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C42277 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C408B8 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C3DAC6 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4DE5F |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C40FE8 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4A0C0 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C5D035 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C611C3 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4A16D |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4B2E3 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4D5C3 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C5D5A5 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4A661 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C40605 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C5CAC5 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4AA79 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C5DD21 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C5ED3F |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4AEAE |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0046A0F5 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00449D4A |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0047A061 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00466018 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0045B14E |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_004791F9 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0046718E |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0045C341 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0045A42B |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0047850D |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0046650C |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00471594 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00466924 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00478A7D |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0046CA29 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00459B74 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00465BC2 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00466D59 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0045ADAC |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00465EC0 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00477F9D |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: String function: 00C4D8F0 appears 63 times |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: String function: 00C2AAA0 appears 77 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 00460758 appears 32 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 00442653 appears 43 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 00468020 appears 53 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 0044278B appears 58 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 0047A704 appears 187 times |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: String function: 0045E885 appears 66 times |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_3_012547FB push cs; iretd |
0_3_012547FC |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4D935 push ecx; ret |
0_2_00C4D948 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4BE86 push ecx; ret |
0_2_00C4BE99 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00468065 push ecx; ret |
1_2_00468078 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0047654C push edi; ret |
1_2_0047654E |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_004765EA push edi; ret |
1_2_004765EC |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_0047A704 push eax; ret |
1_2_0047A722 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: 1_2_00463BC8 push ecx; ret |
1_2_00463BDB |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\win64_32_x64.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin64_x64.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\remove.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\win64_32.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\invoker.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\ZGWin32LaunchHelper.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin32.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin64.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
File created: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C4D5C3 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\win64_32_x64.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin64_x64.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\remove.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\win64_32.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\invoker.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\ZGWin32LaunchHelper.exe |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin32.dll |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\resource\iawin64.dll |
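Nine PE files are written under %TEMP%\I1711691362\Windows\ and eight of them are reported as never started, which leaves the second-stage rb7-1-3.exe as the one dropped file that actually ran. The following Python script is an added example, not part of the sandbox report and not InstallAnywhere code: it cross-references the "File created" and "Dropped PE file which has not been started" rows and decodes the I<digits> staging-directory name. One labelled assumption: 0_2_00C28300 calls GetTempPathW, CreateDirectoryW, __time64, __swprintf and CreateDirectoryW in that order, which suggests the directory is named from the current Unix time; the decoder treats it that way, and the result must be confirmed against the sandbox's own recorded run time before it is used as evidence.

```python
"""Inventory the PE files the installer dropped and decode the staging-directory name.

Added example, not part of the sandbox report and not InstallAnywhere code.
Assumption (unverified): the I<digits> directory under %TEMP% is named from
__time64(), i.e. it is a Unix timestamp in seconds.
"""
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional

STAGING_RE = re.compile(r"\\Temp\\I(\d{9,10})\\")
CREATED_RE = re.compile(r"File created:\s*(.*?)\s*\|?\s*$")
NOT_STARTED_RE = re.compile(
    r"Dropped PE file which has not been started:\s*(.*?)\s*\|?\s*$")


def staging_dir_time(path: str) -> Optional[str]:
    """Decode the I<digits> component of `path` as a UTC ISO 8601 time, or None."""
    m = STAGING_RE.search(path)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc).isoformat()


def inventory(rows: List[str]) -> Dict[str, List[str]]:
    """Cross-reference 'File created' rows with 'not been started' rows."""
    created, not_started = set(), set()
    for row in rows:
        m = CREATED_RE.search(row)
        if m:
            created.add(m.group(1))
        m = NOT_STARTED_RE.search(row)
        if m:
            not_started.add(m.group(1))
    staging = {t for t in (staging_dir_time(p) for p in created) if t}
    return {
        "created": sorted(created),
        "not_started": sorted(not_started),
        # Dropped PEs the sandbox did not list as dormant: the ones that ran
        # and deserve a closer look first.
        "started": sorted(created - not_started),
        "staging_dir_utc": sorted(staging),
    }


# Rows copied from the report above; the trailing " |" is the report's own
# cell separator and is tolerated by the regexes.
_BASE = r"C:\Users\user\AppData\Local\Temp\I1711691362\Windows"
_RESOURCE_FILES = [
    "win64_32_x64.exe", "iawin64_x64.dll", "remove.exe", "win64_32.exe",
    "invoker.exe", "ZGWin32LaunchHelper.exe", "iawin32.dll", "iawin64.dll",
]
SAMPLE_ROWS = (
    [rf"File created: {_BASE}\resource\{name} |" for name in _RESOURCE_FILES]
    + [rf"File created: {_BASE}\rb7-1-3.exe |"]
    + [rf"Dropped PE file which has not been started: {_BASE}\resource\{name} |"
       for name in _RESOURCE_FILES]
)

if __name__ == "__main__":
    for key, values in inventory(SAMPLE_ROWS).items():
        print(key)
        for value in values:
            print("   ", value)
```

A related caveat for the string hits above: the crl.thawte.com, ocsp.thawte.com, *.symcb.com, *.symcd.com, ts-*.ws.symantec.com and symauth.com URLs reported for ZGWin32LaunchHelper.exe and remove.exe are the CRL, OCSP and policy pointers embedded in an Authenticode certificate chain (the stray trailing characters are ASN.1 length bytes), not addresses the installer contacts. They indicate that those two dropped binaries carry a signature whose chain should be verified (for example with PowerShell's Get-AuthenticodeSignature), not that they beacon.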
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C28300 LoadStringW,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,LoadStringW,GetCurrentDirectoryW,_wcscpy,_wcscpy,GetTempPathW,SetCurrentDirectoryW,CreateDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,GetCurrentDirectoryW,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,__time64,__swprintf,CreateDirectoryW,GetFullPathNameW,GetFullPathNameW,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,GetCurrentDirectoryW,_wcscat,_wcscpy,_wcscpy,SetCurrentDirectoryW,RemoveDirectoryW,GetModuleFileNameW,__wsplitpath,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,__fread_nolock,_wcscpy,_wcscat,_wcscat,__swprintf,_wcscpy,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,_fseek,_fseek,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,__aulldiv,GetModuleFileNameW,GetLastError,SetCurrentDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,SetCurrentDirectoryW,RemoveDirectoryW,GetKeyState,__swprintf,PathIsDirectoryW,_wcscpy,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,__swprintf,GetConsoleWindow,ShowWindow,SetCurrentDirectoryW,RemoveDirectoryW,_wcscpy,_wcscat,SetCurrentDirectoryW,RemoveDirectoryW,LoadStringW,GetModuleFileNameW,_wcscpy,_wcscat,WideCharToMultiByte,WideCharToMultiByte,GetLastError,SetCurrentDirectoryW,RemoveDirectoryW,LoadStringW,_wcscpy,_wcscat,_wcscat,__swprintf,_wcscpy,SetCurrentDirectoryW,_memset,_memset,__wsplitpath,_wcscpy,_wcscat,_wcscpy,GetCommandLineW,_wcscpy,__swprintf,FindFirstFileW,_wprintf,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,FindClose,__swprintf,_wcscpy,CreateProcessW,SetCurrentDirectoryW,RemoveDirectoryW, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C49722 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C2B640 __swprintf,PathIsDirectoryW,_wcscpy,_wcscpy,__swprintf,FindFirstFileW,_wprintf,FindClose,__swprintf, |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: 0_2_00C27980 _memset,_wcscpy,__swprintf,FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW, |
Source: Resource1.zip.0.dr |
Binary or memory string: "CA492","CP_PROGRAM_MGR","Program Manager ID","Corporate Actions","Corporate Actions","Identifier of the Program Manager. "," ","Equity"," "," "," "," "," "," "," "," ",4,0,"Integer"," "," ",20010924,"30"," "," "," "," "," "," ","Corporate Actions","N", |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: GetWindowLongW,SetTimer,GetDlgItem,SendMessageW,GetDlgItem,SendMessageW,SetDlgItemTextW,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,LoadLibraryW,GetLocaleInfoW,DrawTextW,EndDialog,SHGetMalloc,_memset,LoadStringW,SHBrowseForFolderW,SHGetPathFromIDListW,_wcscpy,EndDialog,@_EH4_CallFilterFunc@8,KillTimer,_wcscpy,KiUserCallbackDispatcher, |
0_2_00C2A4C0 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: IsProcessorFeaturePresent,__call_reportfault,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
0_2_00C4D10C |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,GetLocaleInfoW, |
0_2_00C5A81A |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
0_2_00C5AACA |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: EnumSystemLocalesW, |
0_2_00C5AA8A |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
0_2_00C58A76 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW, |
0_2_00C5ABCA |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
0_2_00C5AB47 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: GetLocaleInfoW, |
0_2_00C58C74 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: EnumSystemLocalesW, |
0_2_00C58C37 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: GetLocaleInfoW, |
0_2_00C5ADBD |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00C5AEE5 |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, |
0_2_00C5AFFA |
Source: C:\Users\user\Desktop\rb7-1-3.exe |
Code function: GetLocaleInfoW,_GetPrimaryLen, |
0_2_00C5AF92 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
1_2_0046409C |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
1_2_004741D7 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
1_2_0046842D |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
1_2_004737CA |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
1_2_00473BD3 |
Source: C:\Users\user\AppData\Local\Temp\I1711691362\Windows\rb7-1-3.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
1_2_00472E26 |