Binary string: BTR.pdbGCTL source: mpengine.dll0.0.dr
Binary string: KSLD.pdb source: mpengine.dll0.0.dr
Binary string: MpUpdate.pdbGCTL source: MpUpdate.dll.0.dr
Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.0.dr
Binary string: MpCmdRun.pdbGCTL source: MpCmdRun.exe0.0.dr
Binary string: C:\Users\Thomas\Desktop\Povlsomware-master\Povlsomware\obj\Debug\Povlsomware.pdb source: jqXe6tttFa.exe
Binary string: MpDetoursCopyAccelerator.pdb source: MpDetoursCopyAccelerator.dll.0.dr
Binary string: KSLDriver.pdbGCTL source: mpengine.dll0.0.dr
Binary string: MsMpEngCP.pdb source: mpengine.dll0.0.dr
Binary string: BTR.pdb source: mpengine.dll0.0.dr
Binary string: MpCmdRun.pdb source: MpCmdRun.exe0.0.dr
Binary string: mpengine.pdb source: mpengine.dll0.0.dr
Binary string: MsMpEngCP.pdbGCTL source: mpengine.dll0.0.dr
Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd.exe.0.dr
Binary string: MpAzSubmit.pdbOGPS source: MpAzSubmit.dll.0.dr
Binary string: mpengine.pdbOGPS source: mpengine.dll0.0.dr
Binary string: KSLDriver.pdb source: mpengine.dll0.0.dr
Binary string: ProtectionManagement.pdbGCTL source: ProtectionManagement.dll.0.dr
Binary string: MpCommu.pdb source: MpCommu.dll.0.dr
Binary string: MpDetoursCopyAccelerator.pdbGCTL source: MpDetoursCopyAccelerator.dll.0.dr
Binary string: MpUxAgent.pdb source: MpUxAgent.dll.0.dr
Binary string: MpCommu.pdbGCTL source: MpCommu.dll.0.dr
Binary string: offreg.pdbH source: mpengine.dll0.0.dr
Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: integrator.exe.0.dr
Binary string: ProtectionManagement.pdb source: ProtectionManagement.dll.0.dr
Binary string: MpUxAgent.pdbGCTL source: MpUxAgent.dll.0.dr
Binary string: MsMpEngSvc.pdb source: mpengine.dll0.0.dr
Binary string: MpDlpCmd.pdb source: MpDlpCmd.exe.0.dr
Binary string: MsMpEngSvc.pdbGCTL source: mpengine.dll0.0.dr
Binary string: KSLD.pdbGCTL source: mpengine.dll0.0.dr
Binary string: offreg.pdb source: mpengine.dll0.0.dr
Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: integrator.exe.0.dr
Binary string: MpUpdate.pdb source: MpUpdate.dll.0.dr
Source: C:\Users\user\Desktop\jqXe6tttFa.exe
System files written:
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUpdate.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSvc.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCommu.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpAzSubmit.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\endpointdlp.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpEvMsg.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MsMpLics.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\DefenderCSP.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpRtp.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpAsDesc.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\endpointdlp.dll
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ProtectionManagement.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpUxAgent.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetoursCopyAccelerator.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDetours.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpClient.dll
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpSenseComm.dll
Source: unknown
TCP traffic detected without corresponding DNS query: 173.222.162.32 (reported 4 times)
TCP traffic detected without corresponding DNS query: 52.165.165.26 (reported 15 times)
TCP traffic detected without corresponding DNS query: 23.33.134.2 (reported 19 times)
TCP traffic detected without corresponding DNS query: 40.68.123.157 (reported 12 times)
Source: global traffic
HTTP traffic detected:
GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Y9Bovd3FB3pfDT2&MD=1VU9cbn4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com

Source: global traffic
HTTP traffic detected:
GET /product/235093/ HTTP/1.1
Host: primearea.biz
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic
HTTP traffic detected:
GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com

Source: global traffic
HTTP traffic detected:
GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Y9Bovd3FB3pfDT2&MD=1VU9cbn4 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
Source: integrator.exe.0.dr
Strings found in binary or memory:
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.com
https://otelrules.azureedge.net/rules/.bundlesdxhelper.exeFailed

Source: MpCommu.dll.0.dr
Strings found in binary or memory:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

Source: mpengine.dll0.0.dr
Strings found in binary or memory:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=webreferrercookieerr_regexperr_stringerr_error
https://www.apple.com/appleca/0

Source: jqXe6tttFa.exe, 00000000.00000002.4137757380.000000001C812000.00000004.00000800.00020000.00000000.sdmp
Strings found in binary or memory (the Apache licence link and the type-foundry URLs below are the kind of strings carried in embedded font metadata and are not in themselves indicators of network activity):
http://www.apache.org/licenses/LICENSE-2.0
http://www.carterandcone.coml
http://www.fontbureau.com
http://www.fontbureau.com/designers
http://www.fontbureau.com/designers/?
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.fontbureau.com/designers/frere-user.html
http://www.fontbureau.com/designers8
http://www.fontbureau.com/designers?
http://www.fontbureau.com/designersG
http://www.fonts.com
http://www.founder.com.cn/cn
http://www.founder.com.cn/cn/bThe
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/DPlease
http://www.galapagosdesign.com/staff/dennis.htm
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/
http://www.sajatypeworks.com
http://www.sakkal.com
http://www.sandoll.co.kr
http://www.tiro.com
http://www.typography.netD
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn

Source: prefs.js.0.dr
Strings found in binary or memory:
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219

Source: jqXe6tttFa.exe, 00000000.00000002.4132924740.0000000002521000.00000004.00000800.00020000.00000000.sdmp, jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000800.00020000.00000000.sdmp, jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF9E000.00000004.00000020.00020000.00000000.sdmp, jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AFB6000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/

Source: jqXe6tttFa.exe, 00000000.00000002.4131952380.00000000006FE000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/.0lnkM

Source: jqXe6tttFa.exe
String found in binary or memory: https://primearea.biz/product/235093/3Decrypting...

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/5

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF9E000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/X

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/l

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/o

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/q

Source: jqXe6tttFa.exe
String found in binary or memory: https://primearea.biz/product/235093/qSOFTWARE

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF30000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/w

Source: jqXe6tttFa.exe, 00000000.00000002.4136818503.000000001AF23000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://primearea.biz/product/235093/xU
Source: unknown
Network traffic detected (HTTP traffic on ports, as source port -> destination port):
443 -> 49744
49675 -> 443
443 -> 49742
49672 -> 443
443 -> 49730
443 -> 49741
49730 -> 443
443 -> 49672
49741 -> 443
49742 -> 443
49749 -> 443
49746 -> 443
49747 -> 443
49745 -> 443
49744 -> 443
443 -> 49749
443 -> 49747
443 -> 49746
443 -> 49745
Source: C:\Users\user\Desktop\jqXe6tttFa.exe
Files created:
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\diagnosis\osver.txt.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\user account pictures\guest.bmp.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\user account pictures\user.bmp.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\windows\models\sbcmodel.txt.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\windows nt\msscan\welcomescan.jpg.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\application data\microsoft\windows defender\platform\4.18.23080.2006-0\thirdpartynotices.txt.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\microsoft\windows\systemdata\s-1-5-18\readonly\lockscreen_z\lockscreen___1024_0768_notdimmed.jpg.rtcrypted
c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\microsoft\windows\systemdata\s-1-5-18\readonly\lockscreen_z\lockscreen___1280_1024_notdimmed.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\bnagmgsplo.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\curqnkvoix.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\efgrwfcuws.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\nebfqqywps.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\nirmekamzh.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\ummbdneqbn.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\vlzdgukutz.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\wutjscbcfx.docx.rtcrypted
c:\documents and settings\user\appdata\roaming\microsoft\windows\themes\cachedfiles\cachedimage_1280_1024_pos4.jpg.rtcrypted
c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\fqs92o4p.default-release\alternateservices.txt.rtcrypted
c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\fqs92o4p.default-release\pkcs11.txt.rtcrypted
c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\fqs92o4p.default-release\sitesecurityservicestate.txt.rtcrypted
c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\fqs92o4p.default-release\telemetry.failedprofilelocks.txt.rtcrypted
c:\documents and settings\user\desktop\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\desktop\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\desktop\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\desktop\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\desktop\ummbdneqbn.docx.rtcrypted
c:\documents and settings\user\desktop\vlzdgukutz.docx.rtcrypted
c:\documents and settings\user\desktop\onbqclyspu\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\desktop\onbqclyspu\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\desktop\ummbdneqbn\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\desktop\ummbdneqbn\ummbdneqbn.docx.rtcrypted
c:\documents and settings\user\desktop\vlzdgukutz\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\desktop\vlzdgukutz\vlzdgukutz.docx.rtcrypted
c:\documents and settings\user\documents\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\documents\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\documents\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\documents\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\documents\ummbdneqbn.docx.rtcrypted
c:\documents and settings\user\documents\vlzdgukutz.docx.rtcrypted
c:\documents and settings\user\documents\onbqclyspu\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\documents\onbqclyspu\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\documents\ummbdneqbn\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\documents\ummbdneqbn\ummbdneqbn.docx.rtcrypted
c:\documents and settings\user\documents\vlzdgukutz\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\documents\vlzdgukutz\vlzdgukutz.docx.rtcrypted
c:\documents and settings\user\downloads\jsdngycowy.jpg.rtcrypted
c:\documents and settings\user\downloads\kataxzvcps.jpg.rtcrypted
c:\documents and settings\user\downloads\nwtvcdumob.jpg.rtcrypted
c:\documents and settings\user\downloads\onbqclyspu.docx.rtcrypted
c:\documents and settings\user\downloads\ummbdneqbn.docx.rtcrypted
Source: C:\Users\user\Desktop\jqXe6tttFa.exe |
File created: c:\documents and settings\user\downloads\vlzdgukutz.docx.rtcrypted |
Jump to behavior |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (GUI) x86-64, for MS Windows |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows |
Source: mpengine.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (GUI) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows |
Source: mpengine.dll0.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
Source: MpUxAgent.dll.0.dr |
Static PE information: Resource name: RT_VERSION type: COM executable for DOS |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (GUI) x86-64, for MS Windows |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows |
Source: mpengine_etw.dll.0.dr |
Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
Source: MsMpLics.dll.0.dr |
Static PE information: No import functions for PE file found |
Source: MpEvMsg.dll.0.dr |
Static PE information: No import functions for PE file found |
Source: MpAsDesc.dll.0.dr |
Static PE information: No import functions for PE file found |
Source: MsMpLics.dll0.0.dr |
Static PE information: No import functions for PE file found |
Source: MpAsDesc.dll0.0.dr |
Static PE information: No import functions for PE file found |