| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004804F0 FindFirstFileW,FindClose,GetFileAttributesW, |
0_2_004804F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00480580 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose, |
0_2_00480580 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0045E1A0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize, |
0_2_0045E1A0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044D4F0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__swprintf,FindNextFileW,FindClose, |
0_2_0044D4F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044D7F0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime, |
0_2_0044D7F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00437AD0 FindFirstFileW,FindNextFileW,FindClose,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindClose, |
0_2_00437AD0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0047BAE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle, |
0_2_0047BAE0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044DB30 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, |
0_2_0044DB30 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0045EE20 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose, |
0_2_0045EE20 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004804F0 FindFirstFileW,FindClose,GetFileAttributesW, |
2_2_004804F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00480580 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose, |
2_2_00480580 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0047BAE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle, |
2_2_0047BAE0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0045E1A0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize, |
2_2_0045E1A0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044D4F0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__swprintf,FindNextFileW,FindClose, |
2_2_0044D4F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044D7F0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime, |
2_2_0044D7F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00437AD0 FindFirstFileW,FindNextFileW,FindClose,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindClose, |
2_2_00437AD0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044DB30 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, |
2_2_0044DB30 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0045EE20 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose, |
2_2_0045EE20 |
| Source: piwik[1].js.6.dr |
String found in binary or memory: http://piwik.org |
| Source: piwik[1].js.6.dr |
String found in binary or memory: http://piwik.org/free-software/bsd/ |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1820994010.00000000004E3000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821601052.0000000002C30000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://runuo.co.kr/haims_esc/Haims_ESC.exe |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821601052.0000000002C30000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://runuo.co.kr/haims_esc/Haims_ESC.exe$ |
| Source: haims_localconnect[1].htm.6.dr |
String found in binary or memory: http://runuo.kr/wlog/piwik.php?idsite=1 |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000002.2975355981.0000000000401000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://autohotkey.com |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1820994010.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.0000000000401000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://autohotkey.comCould |
| Source: piwik[1].js.6.dr |
String found in binary or memory: https://github.com/piwik/piwik/blob/master/js/piwik.js |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821601052.0000000002C30000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://office.runuo.kr/haims_esc/Haims_ESC.exe |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://office.runuo.kr:5001/sharing/cx22ddLq1 |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000003.1820569878.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821271566.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2978092664.0000000006880000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/ |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/O |
| Source: Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/gnu/Haims_ESC/2 |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/gnu/Haims_ESC/2= |
| Source: Haims_ESC.exe |
String found in binary or memory: https://runuo.kr/hai |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933080599.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931229919.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1925136818.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932090189.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932134417.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932826201.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931843025.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930888894.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932231043.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932179913.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930939772.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931152410.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933030660.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931436456.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1924489741.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1923754529.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1924897219.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931289757.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931094457.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1924950407.0000000006980000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/ |
| Source: Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/#Function_key_user_config |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/#Function_key_user_config= |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/= |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821601052.0000000002C30000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000003.1820569878.0000000000B10000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/Haims_ESC.exe |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000003.1820569878.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821271566.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/Haims_ESC.exe32 |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000003.1820569878.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821271566.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/Haims_ESC.exeP |
| Source: SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000003.1820569878.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe, 00000000.00000002.1821271566.0000000000AC3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/Haims_ESC.exeoY |
| Source: Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp, ~DF79F3A13EFF4F3D66.TMP.5.dr, {500D0D6F-FE93-11EE-8C2C-ECF4BBEA1588}.dat.5.dr |
String found in binary or memory: https://runuo.kr/haims_esc/haims_localconnect.php |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/haims_localconnect.php0ahk_exe |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/haims_localconnect.phpmin |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A45000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/haims_localconnect.phptCookies |
| Source: Haims_ESC.exe |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/HV41_NoSearch_Inv |
| Source: Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/HV41_NoSearch_Invoke.php?CompanyCode=%getCode%&PartNo=%getPtno% |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002C14000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/HV41_NoSearch_Invoke.php?CompanyCode=%getCode%&PartNo=%getPtno%R |
| Source: Haims_ESC.exe |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/Hai |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000002.2976395327.0000000002C14000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/HaimsNoSearch.php?CompanyCode=%strCompanyCode%&PartNo=%UIA_HV41_ |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/Haims_CompanyCode_check.php?CompanyCode=%cCode% |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975923731.0000000000AB1000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/Haims_CompanyCode_check.php?CompanyCode=0 |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.0000000000AB1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/nosearch/Haims_CompanyCode_check.php?CompanyCode=0eenKey_Use=1 |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/notice.txt |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/notice.txtnotice.txt? |
| Source: Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/updater.exe |
| Source: Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/updater.exeupdater.exe? |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2976395327.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/ver.txt |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.00000000009FB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/ver.txtl) |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.00000000009FB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/haims_esc/ver.txtr( |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.00000000009FB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr/r) |
| Source: Haims_ESC.exe, 00000002.00000002.2975923731.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://runuo.kr:443/haims_esc/ver.txtXJ |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000003.1930994998.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932980145.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931481058.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932642347.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932881382.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933080599.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931229919.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1925136818.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932090189.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932134417.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932826201.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931843025.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930888894.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932231043.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932179913.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930939772.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931152410.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933030660.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931436456.0000000006980000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.daum.net/ |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.daum.net/$ |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000002.2976395327.0000000002C14000.00000004.00000020.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000002.2975355981.00000000004E3000.00000040.00000001.01000000.00000007.sdmp |
String found in binary or memory: https://www.haims.co.kr/Haims |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.haims.co.kr/HaimsHYUNDAI |
| Source: Haims_ESC.exe, Haims_ESC.exe, 00000002.00000003.1930994998.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932980145.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931481058.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932642347.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932881382.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933080599.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931229919.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1925136818.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932090189.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932134417.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932826201.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931843025.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930888894.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932231043.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1932179913.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1930939772.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931152410.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1933030660.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1931436456.0000000006980000.00000004.00000800.00020000.00000000.sdmp, Haims_ESC.exe, 00000002.00000003.1924489741.0000000006980000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.naver.com/ |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.naver.com/1110C: |
| Source: Haims_ESC.exe, 00000002.00000002.2977100207.0000000003150000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.naver.com/x |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004014E4 GlobalUnWire,CloseClipboard,SetTimer,GetTickCount,GetTickCount,KiUserCallbackDispatcher,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,KillTimer,DragQueryFileW,DragFinish,GetTickCount,DragFinish,DragFinish,_wcsncpy,_wcsncpy,GetTickCount,_wcsncpy,GetTickCount,IsDialogMessageW,SetCurrentDirectoryW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW, |
0_2_004014E4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004181B0 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState, |
0_2_004181B0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00414920 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId, |
0_2_00414920 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00414B96 GetKeyboardLayout,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput, |
0_2_00414B96 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00414D66 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput, |
0_2_00414D66 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004014E4 GlobalUnWire,CloseClipboard,SetTimer,GetTickCount,GetTickCount,KiUserCallbackDispatcher,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,KillTimer,DragQueryFileW,DragFinish,GetTickCount,DragFinish,DragFinish,_wcsncpy,_wcsncpy,GetTickCount,_wcsncpy,GetTickCount,IsDialogMessageW,SetCurrentDirectoryW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW, |
2_2_004014E4 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004181B0 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState, |
2_2_004181B0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00414920 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId, |
2_2_00414920 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00414B96 GetKeyboardLayout,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput, |
2_2_00414B96 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00414D66 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput, |
2_2_00414D66 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00444D60 RegisterClipboardFormatW,SetFocus,ShowWindow,ShowWindow,MoveWindow,GetSysColor,SetBkColor,SetTextColor,GetSysColorBrush,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DrawIconEx,ExcludeClipRect,CreateRectRgn,GetClipRgn,GetSysColorBrush,FillRgn,DeleteObject,GetClipBox,FillRect,GetClientRect,MoveWindow,MoveWindow,MoveWindow,InvalidateRect,GetMenu,CheckMenuItem,Shell_NotifyIconW,Shell_NotifyIconW,Shell_NotifyIconW,RegisterClipboardFormatW,inet_ntoa,__itow,NtdllDefWindowProc_W,SendMessageTimeoutW,PostMessageW,SendMessageTimeoutW,PostMessageW,GlobalUnWire,CloseClipboard,GetCurrentProcessId,EnumWindows,SetTimer,PostMessageW,PostMessageW,IsWindow,GetWindowTextW,GetCurrentProcessId, |
0_2_00444D60 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00471450 GetDlgCtrlID,SetTextColor,GetSysColor,SetTextColor,SetBkMode,GetStockObject,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,SetBkColor,SetBkColor,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,_memset,DragQueryPoint,ClientToScreen,EnumChildWindows,GetDlgCtrlID,PostMessageW,DragFinish,PostMessageW,NtdllDialogWndProc_W, |
0_2_00471450 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
0_2_0046F4D0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471450 GetDlgCtrlID,SetTextColor,GetSysColor,SetTextColor,SetBkMode,GetStockObject,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,SetBkColor,SetBkColor,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,_memset,DragQueryPoint,ClientToScreen,EnumChildWindows,GetDlgCtrlID,PostMessageW,DragFinish,PostMessageW,NtdllDialogWndProc_W, |
2_2_00471450 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
2_2_0046F4D0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00444D60 RegisterClipboardFormatW,SetFocus,ShowWindow,ShowWindow,MoveWindow,GetSysColor,SetBkColor,SetTextColor,GetSysColorBrush,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DrawIconEx,ExcludeClipRect,CreateRectRgn,GetClipRgn,GetSysColorBrush,FillRgn,DeleteObject,GetClipBox,FillRect,GetClientRect,MoveWindow,MoveWindow,MoveWindow,InvalidateRect,GetMenu,CheckMenuItem,Shell_NotifyIconW,Shell_NotifyIconW,Shell_NotifyIconW,RegisterClipboardFormatW,inet_ntoa,__itow,NtdllDefWindowProc_W,SendMessageTimeoutW,PostMessageW,SendMessageTimeoutW,PostMessageW,GlobalUnWire,CloseClipboard,GetCurrentProcessId,EnumWindows,SetTimer,PostMessageW,PostMessageW,IsWindow,GetWindowTextW,GetCurrentProcessId, |
2_2_00444D60 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004714F6 SendMessageW,PostMessageW,NtdllDialogWndProc_W, |
2_2_004714F6 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471558 NtdllDialogWndProc_W, |
2_2_00471558 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004715C3 NtdllDialogWndProc_W, |
2_2_004715C3 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471CA7 NtdllDialogWndProc_W, |
2_2_00471CA7 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471D5B NtdllDialogWndProc_W, |
2_2_00471D5B |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471D12 GetClipBox,FillRect,NtdllDialogWndProc_W, |
2_2_00471D12 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471D9F FillRect,SetBkColor,GetClassLongW,FillRect,SetTextColor,SendMessageW,SendMessageW,SendMessageW,DrawTextW,SetTextColor,NtdllDialogWndProc_W, |
2_2_00471D9F |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471EEE NtdllDialogWndProc_W, |
2_2_00471EEE |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471F16 _memset,ScreenToClient,EnumChildWindows,GetDlgCtrlID,PostMessageW,NtdllDialogWndProc_W, |
2_2_00471F16 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00471FE5 NtdllDialogWndProc_W, |
2_2_00471FE5 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004014E4 |
0_2_004014E4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00426070 |
0_2_00426070 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A22CD |
0_2_004A22CD |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0042A340 |
0_2_0042A340 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0040D3B0 |
0_2_0040D3B0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0042B4E0 |
0_2_0042B4E0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A6509 |
0_2_004A6509 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A95EE |
0_2_004A95EE |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00411640 |
0_2_00411640 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0049C648 |
0_2_0049C648 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A7655 |
0_2_004A7655 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0040D680 |
0_2_0040D680 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00451760 |
0_2_00451760 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A1776 |
0_2_004A1776 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0041F7E4 |
0_2_0041F7E4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00429780 |
0_2_00429780 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00414920 |
0_2_00414920 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00443A50 |
0_2_00443A50 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00438A90 |
0_2_00438A90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00411C80 |
0_2_00411C80 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0048DE10 |
0_2_0048DE10 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00426070 |
0_2_00426070 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00401EF4 |
0_2_00401EF4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00419EA1 |
0_2_00419EA1 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00419EA0 |
0_2_00419EA0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0043BF60 |
0_2_0043BF60 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00412F30 |
0_2_00412F30 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0047EFC0 |
0_2_0047EFC0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004A5FB8 |
0_2_004A5FB8 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004014E4 |
2_2_004014E4 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0040D680 |
2_2_0040D680 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00451760 |
2_2_00451760 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00468E60 |
2_2_00468E60 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0043BF60 |
2_2_0043BF60 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00426070 |
2_2_00426070 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A22CD |
2_2_004A22CD |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0042A340 |
2_2_0042A340 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0040D3B0 |
2_2_0040D3B0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0042B4E0 |
2_2_0042B4E0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A6509 |
2_2_004A6509 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A95EE |
2_2_004A95EE |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00411640 |
2_2_00411640 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0049C648 |
2_2_0049C648 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A7655 |
2_2_004A7655 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A1776 |
2_2_004A1776 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0041F7E4 |
2_2_0041F7E4 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00429780 |
2_2_00429780 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00414920 |
2_2_00414920 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00443A50 |
2_2_00443A50 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00438A90 |
2_2_00438A90 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00497AA0 |
2_2_00497AA0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00411C80 |
2_2_00411C80 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0048DE10 |
2_2_0048DE10 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00426070 |
2_2_00426070 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00401EF4 |
2_2_00401EF4 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00419EA1 |
2_2_00419EA1 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00419EA0 |
2_2_00419EA0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00412F30 |
2_2_00412F30 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0047EFC0 |
2_2_0047EFC0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004A5FB8 |
2_2_004A5FB8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wsock32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: winmm.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wsock32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: winmm.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: winhttpcom.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: webio.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Section loaded: ieproxy.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: mpr.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: framedynos.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: winsta.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\taskkill.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00483940 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, |
0_2_00483940 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0046C100 GetWindowLongW,GetWindowLongW,GetWindowLongW,__wcsnicmp,__wcsnicmp,__wcsicoll,SetWindowPos,__wcsicoll,__wcsicoll,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,EnableWindow,__wcsnicmp,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsnicmp,MulDiv,MulDiv,__wcsnicmp,MulDiv,MulDiv,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcstoi64,IsWindow,SetParent,SetWindowLongW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, |
0_2_0046C100 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00444260 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyCursor,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free, |
0_2_00444260 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00473350 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect, |
0_2_00473350 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0045C320 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,__swprintf, |
0_2_0045C320 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
0_2_0046F4D0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
0_2_0046F4D0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00442760 GetForegroundWindow,IsWindowVisible,GetWindowThreadProcessId,IsZoomed,IsIconic,GetWindowLongW,__swprintf,GetModuleHandleW,GetProcAddress,__swprintf, |
0_2_00442760 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00483810 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, |
0_2_00483810 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00443A50 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,__swprintf,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC, |
0_2_00443A50 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00446B40 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,_memset,EnumChildWindows,GetClassNameW,EnumChildWindows, |
0_2_00446B40 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00480B70 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, |
0_2_00480B70 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00480BD0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, |
0_2_00480BD0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00445CB0 SendMessageW,SendMessageW,SendMessageW,IsWindowVisible,ShowWindow,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, |
0_2_00445CB0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
2_2_0046F4D0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0046F4D0 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, |
2_2_0046F4D0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00442760 GetForegroundWindow,IsWindowVisible,GetWindowThreadProcessId,IsZoomed,IsIconic,GetWindowLongW,__swprintf,GetModuleHandleW,GetProcAddress,__swprintf, |
2_2_00442760 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00483940 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, |
2_2_00483940 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00468E60 MulDiv,MulDiv,MulDiv,_wcschr,__wcsicoll,MulDiv,MulDiv,MulDiv,ReadConsoleOutputAttribute,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,_wcschr,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetWindowLongW,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,CreateWindowExW,CreateWindowExW,CreateWindowExW,CreateWindowExW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,SendMessageW,MulDiv,MulDiv,MulDiv,MoveWindow,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,SetWindowPos,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, |
2_2_00468E60 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0046C100 GetWindowLongW,GetWindowLongW,GetWindowLongW,__wcsnicmp,__wcsnicmp,__wcsicoll,SetWindowPos,__wcsicoll,__wcsicoll,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,EnableWindow,__wcsnicmp,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsnicmp,MulDiv,MulDiv,__wcsnicmp,MulDiv,MulDiv,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcstoi64,IsWindow,SetParent,SetWindowLongW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, |
2_2_0046C100 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00444260 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyCursor,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free, |
2_2_00444260 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00473350 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect, |
2_2_00473350 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0045C320 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,__swprintf, |
2_2_0045C320 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00483810 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, |
2_2_00483810 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00443A50 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,__swprintf,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC, |
2_2_00443A50 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00446B40 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,_memset,EnumChildWindows,GetClassNameW,EnumChildWindows, |
2_2_00446B40 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00480B70 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, |
2_2_00480B70 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00480BD0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, |
2_2_00480BD0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00445CB0 SendMessageW,SendMessageW,SendMessageW,IsWindowVisible,ShowWindow,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, |
2_2_00445CB0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_004804F0 FindFirstFileW,FindClose,GetFileAttributesW, |
0_2_004804F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00480580 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose, |
0_2_00480580 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0045E1A0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize, |
0_2_0045E1A0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044D4F0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__swprintf,FindNextFileW,FindClose, |
0_2_0044D4F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044D7F0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime, |
0_2_0044D7F0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_00437AD0 FindFirstFileW,FindNextFileW,FindClose,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindClose, |
0_2_00437AD0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0047BAE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle, |
0_2_0047BAE0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0044DB30 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, |
0_2_0044DB30 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe |
Code function: 0_2_0045EE20 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose, |
0_2_0045EE20 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_004804F0 FindFirstFileW,FindClose,GetFileAttributesW, |
2_2_004804F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00480580 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose, |
2_2_00480580 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0047BAE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle, |
2_2_0047BAE0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0045E1A0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize, |
2_2_0045E1A0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044D4F0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__swprintf,FindNextFileW,FindClose, |
2_2_0044D4F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044D7F0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime, |
2_2_0044D7F0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_00437AD0 FindFirstFileW,FindNextFileW,FindClose,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindClose, |
2_2_00437AD0 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0044DB30 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, |
2_2_0044DB30 |
| Source: C:\Users\user\Desktop\Haims_ESC.exe |
Code function: 2_2_0045EE20 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose, |
2_2_0045EE20 |
