Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: pleasurecanbesafe.com |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: /7vAficZogD/index.php |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: S-%lu- |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: 40c3273379 |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Dctooux.exe |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Startup |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: cmd /C RMDIR /s/q |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: rundll32 |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Programs |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: %USERPROFILE% |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: cred.dll|clip.dll| |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: http:// |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: https:// |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: /Plugins/ |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: &unit= |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: shell32.dll |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: kernel32.dll |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: GetNativeSystemInfo |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: ProgramData\ |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: AVAST Software |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Kaspersky Lab |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Panda Security |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Doctor Web |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: 360TotalSecurity |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Bitdefender |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Norton |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Sophos |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Comodo |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: WinDefender |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: 0123456789 |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: ------ |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: ?scr=1 |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: ComputerName |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: -unicode- |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: VideoID |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: DefaultSettings.XResolution |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: DefaultSettings.YResolution |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: ProductName |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: CurrentBuild |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: rundll32.exe |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: "taskkill /f /im " |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: " && timeout 1 && del |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: && Exit" |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: " && ren |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: Powershell.exe |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: -executionpolicy remotesigned -File " |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: shutdown -s -t 0 |
Source: 2.2.cmd.exe.60400c8.7.unpack |
String decryptor: random |
Source: KJKJJJECFI.exe, 00000000.00000002.1998842076.0000000005A9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://c0rl.m |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://care-eyes.com/careueyes/v1/analyzer/tj.html?uuid=%s&tm=%I64d&ver=%s&it=%s®=%dhttp://care-e |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://care-eyes.com/careueyes/v1/config/switch.datenablehttp://care-eyes.com/careueyes/v1/config/sw |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://care-eyes.com/careueyes/v1/main/feedback_msg.php?uuid=%s&tm=%I64d&ver=%s&it=%shttp://care-eye |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://care-eyes.com/careueyes/v1/pay/query_license.php&method=leftcodesubscriptionend |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://care-eyes.com/invite/query_rewards.phpid=http://care-eyes.com/invite.html?inv=%s/RtlGetNtVers |
Source: KJKJJJECFI.exe, 00000000.00000002.1998842076.0000000005A9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.d |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998842076.0000000005A9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicer |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0L |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://s2.symcb.com0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcd.com0& |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: KJKJJJECFI.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005B77000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.0000000005623000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C2F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.info-zip.org/ |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0/ |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://api.myip.la/en?jsonhttp://ip-api.com/jsonhttps://ipv4.ip.nf/me.jsonhttps://freegeoip.app/jso |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://bit.ly/3feVIiY |
Source: Sendevsvc.exe, 00000007.00000003.2228548837.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, Sendevsvc.exe, 00000007.00000003.2228163024.00000000015B0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bit.ly/3feVIiYUEyes |
Source: KJKJJJECFI.exe, 00000000.00000003.1976607989.0000000001A10000.00000004.00000020.00020000.00000000.sdmp, KJKJJJECFI.exe, 00000000.00000002.1997071563.0000000001A07000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bit.ly/3feVIiYfinder |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/buy.html?uuid=%s&tm=%I64d&ver=%s&it=%sd |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/how-to-use-magicx-feature/%.2fs$ |
Source: KJKJJJECFI.exe, 00000000.00000002.1996673675.000000000126D000.00000002.00000001.01000000.00000003.sdmp, KJKJJJECFI.exe, 00000000.00000000.1973658720.000000000126D000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://care-eyes.com/how-to-use-magicx-feature/%.2fs$8 |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/how-to-use-sunrise-sunset-feature/openslider_orange_progressslider_orange_bart |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/license-reset.html |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/uninstall.htmlcom.careueyes.dimmer.json%s?activate=%dchannelconfig.datupd |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com/what-is-pomodoro-technique/ |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://care-eyes.com?about |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html |
Source: KJKJJJECFI.exe, 00000000.00000002.1998842076.0000000005A9D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.co |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: KJKJJJECFI.exe, 00000000.00000002.1998916468.0000000005BCD000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2254182536.000000000566B000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2256315034.0000000004C77000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/ |
Source: KJKJJJECFI.exe |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.html |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.html/ |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.html0 |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.htmlU |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.htmlws |
Source: KJKJJJECFI.exe, 00000000.00000002.1997650869.000000000477C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.math.utah.edu/docs/info/regex_1.htmly |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: nvapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: magnification.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: mscms.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: coloradapterclient.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: pla.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: pdh.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: tdh.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: cabinet.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: wevtapi.dll |
Source: C:\Users\user\Desktop\KJKJJJECFI.exe |
Section loaded: shdocvw.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: shdocvw.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: bitsproxy.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: propsys.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: linkinfo.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: ntshrui.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cscapi.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: aepic.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dxgi.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: propsys.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wtsapi32.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dwmapi.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Roaming\NBFoundation\Sendevsvc.exe |
Section loaded: profapi.dll |
Source: 0.2.KJKJJJECFI.exe.5c0f6ab.7.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.explorer.exe.4cbac93.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.explorer.exe.4cba093.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.KJKJJJECFI.exe.5bd3e7a.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.56aec93.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.56ae093.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.KJKJJJECFI.exe.5c102ab.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.5672862.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.explorer.exe.4c7e862.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |