Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008EB0FC CertOpenStore,GetLastError,CryptStringToBinaryA,CertCloseStore,CertFindCertificateInStore,CertCloseStore,__fread_nolock,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,CertFreeCertificateContext,CertCloseStore,CertFreeCertificateContext, |
0_2_008EB0FC |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008E9FB0 BCryptGenRandom, |
0_2_008E9FB0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_009140E0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext, |
0_2_009140E0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00914140 CryptHashData, |
0_2_00914140 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00914160 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00914160 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00914640 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, |
0_2_00914640 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008EAB90 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_008EAB90 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00916C50 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00916C50 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_0090F0F0 CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError, |
0_2_0090F0F0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_0090F5C0 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx, |
0_2_0090F5C0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00915E90 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00915E90 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00915EF0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00915EF0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00915E30 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext, |
0_2_00915E30 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008E9E40 BCryptGenRandom, |
0_2_008E9E40 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008E9F00 BCryptGenRandom, |
0_2_008E9F00 |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/alt-svc.html |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/alt-svc.html# |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/hsts.html |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/hsts.html# |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/http-cookies.html |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://curl.se/docs/http-cookies.html# |
Source: WAdE7vk6kk.exe |
String found in binary or memory: https://helloitelemetry.cc/2xpIMc81Kn |
Source: WAdE7vk6kk.exe, 00000000.00000002.1660805540.0000000000F6E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://helloitelemetry.cc/2xpIMc81Kn/9a6b4fe2-a803-4bfe-88e9-f61599aa8c1b/update |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008D9D40 appears 71 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008D9CE0 appears 37 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008D57B0 appears 68 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008D5720 appears 288 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 00917F40 appears 57 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008D5650 appears 398 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008DC090 appears 43 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 008DA2C0 appears 32 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: String function: 00912D50 appears 33 times |
|
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Section loaded: kernel.appcore.dll |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: WAdE7vk6kk.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: WAdE7vk6kk.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: WAdE7vk6kk.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: WAdE7vk6kk.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: WAdE7vk6kk.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: WAdE7vk6kk.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008D7DB0 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, |
0_2_008D7DB0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00917861 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00917861 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00923CD5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00923CD5 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00917CE9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00917CE9 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00917E7D SetUnhandledExceptionFilter, |
0_2_00917E7D |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_0093A907 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: EnumSystemLocalesW, |
0_2_0093ABB3 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: EnumSystemLocalesW, |
0_2_0093ABFE |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: EnumSystemLocalesW, |
0_2_0093AC99 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0093AD24 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetLocaleInfoW, |
0_2_0093AF77 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_0093B0A0 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetLocaleInfoW, |
0_2_0093B1A6 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0093B27C |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: EnumSystemLocalesW, |
0_2_0093349E |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: GetLocaleInfoW, |
0_2_00933A61 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008E9570 socket,socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,closesocket, |
0_2_008E9570 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_00904690 htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError, |
0_2_00904690 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008FC85A bind,WSAGetLastError, |
0_2_008FC85A |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008FCA50 bind,WSAGetLastError, |
0_2_008FCA50 |
Source: C:\Users\user\Desktop\WAdE7vk6kk.exe |
Code function: 0_2_008F53C0 getsockname,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,htons, |
0_2_008F53C0 |