Source: |
Binary string: C:\Users\GT350\source\repos\AtllasRunp\AtllasRunp\obj\Debug\Bienvenida.pdb source: hesaphareketi_1.scr.exe, 00000000.00000002.1400527379.0000000005C20000.00000004.08000000.00040000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000000.00000002.1396824751.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000006.00000002.1576509993.0000000003031000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000E.00000002.1661164916.0000000002A23000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb{+Ll0 source: powershell.exe, 0000000F.00000002.1710961806.000000000867F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.Automation.pdbst.resources.dll source: powershell.exe, 00000007.00000002.1584908607.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb/: source: powershell.exe, 0000000F.00000002.1703052636.0000000007789000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.1409770708.00000000028E9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1603996918.000000000762C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1672956754.000000000324F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.1422525987.000000000807F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1608334741.000000000861A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000007.00000002.1607940683.00000000085D3000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 0000000F.00000002.1703052636.00000000077EA000.00000004.00000020.00020000.00000000.sdmp |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031BC000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.000000000319C000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F8C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://business29.web-hosting.com |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2669457268.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031C4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680523743.0000000006700000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2639002089.0000026D5AA00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1584908607.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1657051554.0000000001490000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1672956754.000000000324F000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2666704343.000000000683F000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: powershell.exe, 00000002.00000002.1419457757.0000000007054000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mi? |
Source: cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microj |
Source: svchost.exe, 00000005.00000002.2639002089.0000026D5AA00000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.ver) |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031C4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1657051554.0000000001490000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: qmgr.db.5.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: edb.log.5.dr |
String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: powershell.exe, 00000002.00000002.1411676726.0000000004BAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1588730202.0000000005214000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1679690872.00000000056B3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://go.micros |
Source: powershell.exe, 00000002.00000002.1416322622.00000000054D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1599751140.0000000005B36000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1697267398.0000000005FD7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2669457268.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031C4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680523743.0000000006700000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031C4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1657051554.0000000001490000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0- |
Source: powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1672956754.000000000324F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000002.00000002.1411676726.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1588730202.0000000004C22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: powershell.exe, 00000002.00000002.1411676726.0000000004471000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.0000000003141000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1588730202.0000000004AD1000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.000000000312C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1679690872.0000000004F71000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000002.00000002.1411676726.00000000045C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1588730202.0000000004C22000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1672956754.000000000324F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1650972746.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
Source: powershell.exe, 00000002.00000002.1411676726.0000000004471000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1588730202.0000000004AD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1679690872.0000000004F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/winsvr-2022-pshelp |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.0000000003141000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1650972746.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.000000000312C000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.0000000003141000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.000000000312C000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.0000000003141000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.000000000312C000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/t |
Source: powershell.exe, 0000000F.00000002.1697267398.0000000005FD7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000000F.00000002.1697267398.0000000005FD7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000000F.00000002.1697267398.0000000005FD7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: edb.log.5.dr |
String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
Source: svchost.exe, 00000005.00000003.1397280494.0000026D5AC20000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C: |
Source: powershell.exe, 0000000F.00000002.1679690872.00000000050C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1672956754.000000000324F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000000.00000002.1400665428.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/sam210723/goesrecv-monitor/releases/latest |
Source: powershell.exe, 00000002.00000002.1416322622.00000000054D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1599751140.0000000005B36000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1697267398.0000000005FD7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2636111594.000000000164E000.00000004.00000020.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000004.00000002.2641024996.00000000031C4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1657051554.0000000001490000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1662306646.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 0000000B.00000002.1680830301.0000000006756000.00000004.00000020.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2639565652.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, cbsBVT.exe, 00000013.00000002.2633915220.0000000001234000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi_1.scr.exe, 00000000.00000002.1400665428.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://vksdr.com/goesrecv-monitor |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1395292629.0000000001623000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wdcp.mi |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_01A2CD3C |
0_2_01A2CD3C |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_01A2F5B6 |
0_2_01A2F5B6 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_01A2F5B8 |
0_2_01A2F5B8 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_059D7718 |
0_2_059D7718 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_059DCF50 |
0_2_059DCF50 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 0_2_059DCF3F |
0_2_059DCF3F |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_030A4B10 |
4_2_030A4B10 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_030A3EF8 |
4_2_030A3EF8 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_030A4240 |
4_2_030A4240 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_030ACC98 |
4_2_030ACC98 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_030ACCA8 |
4_2_030ACCA8 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_07084078 |
4_2_07084078 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_07094E20 |
4_2_07094E20 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_0709CE58 |
4_2_0709CE58 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_0709A680 |
4_2_0709A680 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_0709B6C8 |
4_2_0709B6C8 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_0709ADD0 |
4_2_0709ADD0 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_07097440 |
4_2_07097440 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_070919E8 |
4_2_070919E8 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_0709C778 |
4_2_0709C778 |
Source: C:\Users\user\Desktop\hesaphareketi_1.scr.exe |
Code function: 4_2_07091A99 |
4_2_07091A99 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 6_2_0121CD3C |
6_2_0121CD3C |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 6_2_0121F5A8 |
6_2_0121F5A8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 6_2_0121F5B8 |
6_2_0121F5B8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013CA588 |
11_2_013CA588 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013C4B10 |
11_2_013C4B10 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013CEB90 |
11_2_013CEB90 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013CAE10 |
11_2_013CAE10 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013C3EF8 |
11_2_013C3EF8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_013C4240 |
11_2_013C4240 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C5A8D4 |
11_2_06C5A8D4 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C5A5B4 |
11_2_06C5A5B4 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C5C058 |
11_2_06C5C058 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C5DC10 |
11_2_06C5DC10 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C72760 |
11_2_06C72760 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C765E0 |
11_2_06C765E0 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C7C580 |
11_2_06C7C580 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C75598 |
11_2_06C75598 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C7B230 |
11_2_06C7B230 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C77D70 |
11_2_06C77D70 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C77690 |
11_2_06C77690 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C7E798 |
11_2_06C7E798 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C70040 |
11_2_06C70040 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C75CE8 |
11_2_06C75CE8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_071E3500 |
11_2_071E3500 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 11_2_06C70007 |
11_2_06C70007 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 14_2_00FB4560 |
14_2_00FB4560 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 14_2_00FBCD3C |
14_2_00FBCD3C |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 14_2_00FBF5B8 |
14_2_00FBF5B8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 14_2_00FBF5A8 |
14_2_00FBF5A8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_02D6EAA9 |
19_2_02D6EAA9 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_02D64B10 |
19_2_02D64B10 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_02D63EF8 |
19_2_02D63EF8 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_02D64240 |
19_2_02D64240 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_02D6AD50 |
19_2_02D6AD50 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D5A8D4 |
19_2_06D5A8D4 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D5A5B4 |
19_2_06D5A5B4 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D5DC10 |
19_2_06D5DC10 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D73460 |
19_2_06D73460 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D7B21F |
19_2_06D7B21F |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D77690 |
19_2_06D77690 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D7E798 |
19_2_06D7E798 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D70040 |
19_2_06D70040 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D70006 |
19_2_06D70006 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_07123500 |
19_2_07123500 |
Source: C:\Users\user\AppData\Roaming\cbsBVT\cbsBVT.exe |
Code function: 19_2_06D7003B |
19_2_06D7003B |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1400527379.0000000005C20000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameBienvenida.exe6 vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396824751.00000000034F1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBienvenida.exe6 vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396824751.00000000034F1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename2379f9fe-9543-4c0b-b671-f5490ed118f9.exe4 vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1395292629.000000000157E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamegoesrecv.dllB vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1396974953.00000000044F9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename2379f9fe-9543-4c0b-b671-f5490ed118f9.exe4 vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000000.1378076626.000000000102C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameStorages.exe2 vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000000.00000002.1400665428.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenamegoesrecv.dllB vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe, 00000004.00000002.2633683375.0000000001359000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs hesaphareketi_1.scr.exe |
Source: hesaphareketi_1.scr.exe |
Binary or memory string: OriginalFilenameStorages.exe2 vs hesaphareketi_1.scr.exe |
Source: 0.2.hesaphareketi_1.scr.exe.5db0000.6.raw.unpack, ConstellationPanel.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, cPs8D.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, 72CF8egH.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, G5CXsdn.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, 3uPsILA6U.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, 6oQOw74dfIt.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, aMIWm.cs |
Cryptographic APIs: 'CreateDecryptor', 'TransformBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, 3QjbQ514BDx.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.hesaphareketi_1.scr.exe.4661450.2.raw.unpack, 3QjbQ514BDx.cs |
Cryptographic APIs: 'TransformFinalBlock' |