Binary string: _.pdb source: RegSvcs.exe, 00000004.00000002.4477299535.000000000280F000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.4478163041.0000000003C01000.00000004.00000800.00020000.00000000.sdmp
Binary string: RegSvcs.pdb, source: ctsdvwT.exe, 00000005.00000000.2142766619.0000000000342000.00000002.00000001.01000000.00000007.sdmp, ctsdvwT.exe.4.dr
Binary string: wntdll.pdbUGP source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013710069.00000000043A0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013148328.0000000004200000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2025312823.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2024412542.0000000003B50000.00000004.00001000.00020000.00000000.sdmp
Binary string: wntdll.pdb source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013710069.00000000043A0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013148328.0000000004200000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2025312823.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2024412542.0000000003B50000.00000004.00001000.00020000.00000000.sdmp
Binary string: RegSvcs.pdb source: ctsdvwT.exe, 00000005.00000000.2142766619.0000000000342000.00000002.00000001.01000000.00000007.sdmp, ctsdvwT.exe.4.dr
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0082DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007FC2A2 FindFirstFileExW
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_008368EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0083698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0082D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0082D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00839642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0083979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00839B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00835C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00859576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 3.2.62402781, Fiyat Teklif Talebi.pdf.exe.11f0000.1.raw.unpack, type: UNPACKEDPE
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.62402781, Fiyat Teklif Talebi.pdf.exe.3cf0000.1.raw.unpack, type: UNPACKEDPE
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 4.2.RegSvcs.exe.284f326.1.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.5120000.8.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.4f80000.7.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.284f326.1.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c53790.4.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c05570.5.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c06458.3.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.4f80000.7.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.285020e.2.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.4f80ee8.6.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c05570.5.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, type: UNPACKEDPE
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000004.00000002.4475963234.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000004.00000002.4478825665.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000003.00000002.2028748340.00000000011F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000000.00000002.2016173689.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 62402781, Fiyat Teklif Talebi.pdf.exe
String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000000.2004997068.0000000000882000.00000002.00000001.01000000.00000003.sdmp
String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000000.2004997068.0000000000882000.00000002.00000001.01000000.00000003.sdmp
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000002.2028136586.0000000000882000.00000002.00000001.01000000.00000003.sdmp
String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000002.2028136586.0000000000882000.00000002.00000001.01000000.00000003.sdmp
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: 62402781, Fiyat Teklif Talebi.pdf.exe
String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 62402781, Fiyat Teklif Talebi.pdf.exe
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007C8060
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00832046
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00828298
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007FE4FF
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007F676B
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_00854873
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007CCAF0
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007ECAA0
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007DCC39
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007F6DD9
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007DB119
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007C91C0
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E1394
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E1706
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E781B
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007D997D
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007C7920
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E19B0
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E7A4A
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E1C77
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E7CA7
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007F9EEE
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_0084BE44
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_007E1F32
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 0_2_01903640
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Code function: 3_2_011E3640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00408C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0040DC11
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00407C3F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00418CCC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00406CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_004028B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0041A4BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00418244
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00401650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00402F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_004193C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00418788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00402F89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_00402B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_004073A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0271DCB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0271D098
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0271D3E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_02710FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_02711030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FC4938
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FCA7B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FC7BB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FCC368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FC0108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FC00F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_05FCD478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_0600161C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_06001610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_060035D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_06149360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_061458A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Code function: 4_2_061410D0
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013287474.00000000044CD000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilenamentdll.dllj% vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000002.2016173689.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilename24eacbb4-825a-4768-ad59-21c6c6ffb60d.exe4 vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013148328.0000000004323000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilenamentdll.dllj% vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2026090146.0000000003C73000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilenamentdll.dllj% vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2024613808.0000000003E1D000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilenamentdll.dllj% vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000002.2028748340.00000000011F0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: OriginalFilename24eacbb4-825a-4768-ad59-21c6c6ffb60d.exe4 vs 62402781, Fiyat Teklif Talebi.pdf.exe
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 3.2.62402781, Fiyat Teklif Talebi.pdf.exe.11f0000.1.raw.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.62402781, Fiyat Teklif Talebi.pdf.exe.3cf0000.1.raw.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 4.2.RegSvcs.exe.284f326.1.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.5120000.8.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.4f80000.7.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.284f326.1.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.3c53790.4.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.3c05570.5.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.3c06458.3.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.4f80000.7.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.285020e.2.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.4f80ee8.6.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 4.2.RegSvcs.exe.3c05570.5.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, type: UNPACKEDPE
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000004.00000002.4475963234.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000004.00000002.4478825665.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000003.00000002.2028748340.00000000011F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000000.00000002.2016173689.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs
Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, ZTFEpdjP8zw.cs
Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, WnRNxU.cs
Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, 2njIk.cs
Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, I5ElxL.cs
Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: unknown
Process created: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe"
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe"
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Process created: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe"
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe"
Source: unknown
Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown
Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe" |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process created: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe" |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe" |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: |
Binary string: _.pdb source: RegSvcs.exe, 00000004.00000002.4477299535.000000000280F000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.4478163041.0000000003C01000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: RegSvcs.pdb, source: ctsdvwT.exe, 00000005.00000000.2142766619.0000000000342000.00000002.00000001.01000000.00000007.sdmp, ctsdvwT.exe.4.dr |
Source: |
Binary string: wntdll.pdbUGP source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013710069.00000000043A0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013148328.0000000004200000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2025312823.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2024412542.0000000003B50000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013710069.00000000043A0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000000.00000003.2013148328.0000000004200000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2025312823.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, 62402781, Fiyat Teklif Talebi.pdf.exe, 00000003.00000003.2024412542.0000000003B50000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: RegSvcs.pdb source: ctsdvwT.exe, 00000005.00000000.2142766619.0000000000342000.00000002.00000001.01000000.00000007.sdmp, ctsdvwT.exe.4.dr |
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007E0A76 push ecx; ret |
0_2_007E0A89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0041C40C push cs; iretd |
4_2_0041C4E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00423149 push eax; ret |
4_2_00423179 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0041C50E push cs; iretd |
4_2_0041C4E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_004231C8 push eax; ret |
4_2_00423179 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0040E21D push ecx; ret |
4_2_0040E230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0041C6BE push ebx; ret |
4_2_0041C6BF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_02714316 pushfd ; iretd |
4_2_02714319 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_05FCFDA3 push 14418B05h; ret |
4_2_05FCFDB3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_05FCFF30 push 18418B05h; ret |
4_2_05FCFF43 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_060025E1 push 10418B05h; ret |
4_2_060025F3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_060014AC push 04418B05h; ret |
4_2_060026E3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_06003270 push 0C418B05h; ret |
4_2_06003283 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_060073F8 pushfd ; retf |
4_2_06007405 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_06003190 push 14418B05h; ret |
4_2_060031C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_060031D0 push 24418B05h; ret |
4_2_06003223 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0600BCC1 push es; ret |
4_2_0600BCD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_06145120 push 24418B05h; ret |
4_2_06145133 |
Source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IuVLqWDm5xkXP', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB' |
Source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IuVLqWDm5xkXP', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB' |
Source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IuVLqWDm5xkXP', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB' |
Source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IuVLqWDm5xkXP', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB' |
Source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs |
High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'IuVLqWDm5xkXP', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB' |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007DF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_007DF98E |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_00851C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
0_2_00851C41 |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, |
4_2_004019F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2400000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399875 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399766 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399641 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399532 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399407 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399282 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399063 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398938 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398813 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398688 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398563 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398453 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398344 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398219 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2393985 |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_0082DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007FC2A2 FindFirstFileExW, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_008368EE FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_0083698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_0082D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_0082D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_00839642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_0083979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_00839B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_00835C97 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2400000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399875 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399766 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399641 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399532 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399407 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399282 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2399063 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398938 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398813 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398688 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398563 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398453 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398344 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398219 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2398110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2397110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2396110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2395110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394985 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394735 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394485 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394235 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2394110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 2393985 |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007E4CE8 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_01903530 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_019034D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_01901ED0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 3_2_011E3530 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 3_2_011E34D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 3_2_011E1ED0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007F2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007E083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007E09D5 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\62402781, Fiyat Teklif Talebi.pdf.exe |
Code function: 0_2_007E0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_004123F1 SetUnhandledExceptionFilter, |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.4477550403.0000000002C71000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Time: 06/24/2024 01:10:13<br>User Name: user<br>Computer Name: 888683<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br><hr><b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}r{Win}r |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $eq8<b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}THjq |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $eq9<b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}rTHjq |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program Manager |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program ManagerLReq |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: Shell_TrayWnd |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Time: 06/24/2024 01:10:13<br>User Name: user<br>Computer Name: 888683<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br><hr><b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}r{Win}rTeeq |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: @\eqDTime: 06/24/2024 01:10:13<br>User Name: user<br>Computer Name: 888683<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br><hr><b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}r{Win}r |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $eq?<b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}r{Win}rTHjq |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $eq><b>[ Program Manager]</b> (24/04/2024 21:58:41)<br>{Win}r{Win}THjq |
Source: RegSvcs.exe, 00000004.00000002.4477550403.0000000002C65000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $eq3<b>[ Program Manager]</b> (24/04/2024 21:58:41)<br> |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000004.00000002.4478825665.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4477299535.000000000280F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478163041.0000000003C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RegSvcs.exe PID: 6380, type: MEMORYSTR |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000004.00000002.4478825665.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4477299535.000000000280F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478163041.0000000003C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_81 |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_XP |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_XPe |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_VISTA |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_7 |
Source: 62402781, Fiyat Teklif Talebi.pdf.exe |
Binary or memory string: WIN_8 |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.5120000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.284f326.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c53790.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.285020e.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.4f80ee8.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c05570.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.3c06458.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000004.00000002.4478825665.0000000005120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4477299535.000000000280F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478416946.0000000004F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4477550403.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.4478163041.0000000003C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RegSvcs.exe PID: 6380, type: MEMORYSTR |