| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_00405FFD FindFirstFileA,FindClose, | 0_2_00405FFD |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose, | 0_2_0040559B |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_00402688 FindFirstFileA, | 0_2_00402688 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_00405FFD FindFirstFileA,FindClose, | 4_2_00405FFD |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_00402688 FindFirstFileA, | 4_2_00402688 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, | 4_2_0040559B |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374A10F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, | 4_2_374A10F1 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374A6580 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,FindFirstFileExA, | 4_2_374A6580 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0040AE51 FindFirstFileW,FindNextFileW, | 5_2_0040AE51 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, | 6_2_00407EF8 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, | 7_2_00407898 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_00405FFD FindFirstFileA,FindClose, | 8_2_00405FFD |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, | 8_2_0040559B |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_00402688 FindFirstFileA, | 8_2_00402688 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 46.183.222.85 |
| Source: rquotation.exe, 00000004.00000002.3303223061.0000000037470000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy) |
| Source: rquotation.exe, 00000005.00000003.3196880485.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfms-settings:networkfile://192.168.2.1/all/install/setup.au3https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook) |
| Source: rquotation.exe, 00000005.00000003.3196880485.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: file:///C:/Windows/system32/oobe/FirstLogonAnim.htmlhttps://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srfms-settings:networkfile://192.168.2.1/all/install/setup.au3https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo) |
| Source: rquotation.exe, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy) |
| Source: rquotation.exe | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook) |
| Source: rquotation.exe, 00000004.00000002.3303086999.0000000037360000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook) |
| Source: rquotation.exe, 00000004.00000002.3303086999.0000000037360000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo) |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertCloudServicesCA-1.crt0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0B |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl0? |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0? |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0~ |
| Source: rquotation.exe, 00000004.00000003.3178549304.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3167759582.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000002.3282509675.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3178887574.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3177734571.000000000642E000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3179933606.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3198030667.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3180610529.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3197521207.0000000006439000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3180728290.0000000006433000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/ |
| Source: rquotation.exe, 00000004.00000002.3282295810.00000000063DE000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000002.3282295810.00000000063B3000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000002.3282295810.0000000006378000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp |
| Source: rquotation.exe, 00000004.00000002.3282295810.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gp- |
| Source: rquotation.exe, 00000004.00000002.3282295810.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpD |
| Source: rquotation.exe, 00000004.00000002.3282295810.00000000063B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://geoplugin.net/json.gpu |
| Source: Colonialises.exe, Colonialises.exe, 00000008.00000002.3275125198.0000000000409000.00000004.00000001.01000000.0000000B.sdmp, Colonialises.exe, 00000008.00000000.3224746625.0000000000409000.00000008.00000001.01000000.0000000B.sdmp, rquotation.exe, Colonialises.exe.0.dr | String found in binary or memory: http://nsis.sf.net/NSIS_Error |
| Source: rquotation.exe, Colonialises.exe.0.dr | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.digicert.com0: |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.digicert.com0H |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.digicert.com0I |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.msocsp.com0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocsp.msocsp.com0S |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://ocspx.digicert.com0E |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://www.digicert.com/CPS0~ |
| Source: rquotation.exe, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.ebuddy.com |
| Source: rquotation.exe, rquotation.exe, 00000007.00000003.3182970804.000000000087D000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000007.00000003.3183004702.000000000087D000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.com |
| Source: rquotation.exe, 00000007.00000003.3182970804.000000000087D000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000007.00000003.3183004702.000000000087D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.imvu.comata |
| Source: rquotation.exe, 00000004.00000002.3303223061.0000000037470000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
| Source: rquotation.exe, 00000004.00000002.3303223061.0000000037470000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.imvu.comr |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: http://www.msftconnecttest.com/connecttest.txt?n=1696428304750 |
| Source: rquotation.exe, 00000005.00000002.3197234359.0000000000193000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net |
| Source: rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nirsoft.net/ |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Skype/1446_8.53.0.77?OSVer=10.0.19045.2006&ClientID=RHTiQUpX |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AF |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-afd-nocache.azureedge.net/apc/trans.gif?77686a33b2eafa1538ef78c3be5a5910 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-afd-nocache.azureedge.net/apc/trans.gif?caa2cf97cacae25a18f577703684ee65 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?0cf92be82316943650f2ee723bc6949e |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-afd.azurefd.us/apc/trans.gif?94fb5ac9609bcb4cda0bf8acf1827073 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?7e9591e308dbda599df1fc08720a72a3 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?c6a2869c584d2ea23c67c44abe1ec326 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://fp.msedge.net/conf/v1/asgw/fpconfig.min.json |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
| Source: rquotation.exe | String found in binary or memory: https://login.yahoo.com/config/login |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://maps.windows.com/windows-app-web-link |
| Source: rquotation.exe, 00000004.00000002.3282295810.0000000006378000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://od.lk/ |
| Source: rquotation.exe, 00000004.00000002.3282295810.0000000006378000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://od.lk/FYmv |
| Source: rquotation.exe, 00000004.00000002.3282592886.0000000007D10000.00000004.00001000.00020000.00000000.sdmp, rquotation.exe, 00000004.00000002.3282295810.00000000063B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://od.lk/d/MzdfMzIxNzQ4MzBf/gdugm184.bin |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://od.lk/d/MzdfMzIxNzQ4MzBf/gdugm184.bin0 |
| Source: rquotation.exe, 00000004.00000002.3282295810.00000000063B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://od.lk/d/MzdfMzIxNzQ4MzBf/gdugm184.bine |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-04-14-10-35/PreSignInSettingsConfig.json |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/dfb21df16475d4e5b2b0ba41e6c4e842c100b150.xml?OneDriveUpdate=4954a0 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-0debb885be07c402c948.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ec3581b6c9e6e9985aa7.chunk.v7.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.6c288f9aff9797959103.chunk.v7.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.9ba2d4c9e339ba497e10.chunk.v7.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-1652fd8b358d589e6ec0.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.52c45571d19ede0a7005.chunk.v7.j |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.d918c7fc33e22b41b936.chunk.v7.c |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2 |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2 |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000002.3282295810.00000000063DE000.00000004.00000020.00020000.00000000.sdmp, rquotation.exe, 00000004.00000003.3129303182.00000000063E5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/ |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/0 |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/1& |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/al |
| Source: rquotation.exe, 00000004.00000003.3129303182.00000000063E5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/api/v1/download/file.json/MzdfMzIxNzQ4MzBf?temp_key=%81%DB%A0%9B_8n%29&inl |
| Source: rquotation.exe, 00000004.00000003.3116127986.00000000063DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.opendrive.com/s |
| Source: rquotation.exe, rquotation.exe, 00000007.00000002.3183123096.0000000000400000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: https://www.google.com |
| Source: rquotation.exe | String found in binary or memory: https://www.google.com/accounts/servicelogin |
| Source: bhv1B9B.tmp.5.dr | String found in binary or memory: https://www.office.com/ |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, | 5_2_0040987A |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, | 5_2_004098E2 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, | 6_2_00406DFC |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, | 6_2_00406E9F |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, | 7_2_004068B5 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, | 7_2_004072B5 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, | 0_2_004030D9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, | 4_2_004030D9 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, | 8_2_004030D9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_00406344 | 0_2_00406344 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_0040488F | 0_2_0040488F |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_00406344 | 4_2_00406344 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_0040488F | 4_2_0040488F |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374AB5C1 | 4_2_374AB5C1 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374B7194 | 4_2_374B7194 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044B040 | 5_2_0044B040 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0043610D | 5_2_0043610D |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00447310 | 5_2_00447310 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044A490 | 5_2_0044A490 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0040755A | 5_2_0040755A |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0043C560 | 5_2_0043C560 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044B610 | 5_2_0044B610 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044D6C0 | 5_2_0044D6C0 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_004476F0 | 5_2_004476F0 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044B870 | 5_2_0044B870 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044081D | 5_2_0044081D |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00414957 | 5_2_00414957 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_004079EE | 5_2_004079EE |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00407AEB | 5_2_00407AEB |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044AA80 | 5_2_0044AA80 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00412AA9 | 5_2_00412AA9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00404B74 | 5_2_00404B74 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00404B03 | 5_2_00404B03 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044BBD8 | 5_2_0044BBD8 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00404BE5 | 5_2_00404BE5 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00404C76 | 5_2_00404C76 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00415CFE | 5_2_00415CFE |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00416D72 | 5_2_00416D72 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00446D30 | 5_2_00446D30 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00446D8B | 5_2_00446D8B |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00406E8F | 5_2_00406E8F |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00405038 | 6_2_00405038 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0041208C | 6_2_0041208C |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_004050A9 | 6_2_004050A9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0040511A | 6_2_0040511A |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0043C13A | 6_2_0043C13A |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_004051AB | 6_2_004051AB |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00449300 | 6_2_00449300 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0040D322 | 6_2_0040D322 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0044A4F0 | 6_2_0044A4F0 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0043A5AB | 6_2_0043A5AB |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00413631 | 6_2_00413631 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00446690 | 6_2_00446690 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0044A730 | 6_2_0044A730 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_004398D8 | 6_2_004398D8 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_004498E0 | 6_2_004498E0 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0044A886 | 6_2_0044A886 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0043DA09 | 6_2_0043DA09 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00438D5E | 6_2_00438D5E |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00449ED0 | 6_2_00449ED0 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0041FE83 | 6_2_0041FE83 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00430F54 | 6_2_00430F54 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004050C2 | 7_2_004050C2 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004014AB | 7_2_004014AB |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00405133 | 7_2_00405133 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004051A4 | 7_2_004051A4 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00401246 | 7_2_00401246 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_0040CA46 | 7_2_0040CA46 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00405235 | 7_2_00405235 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004032C8 | 7_2_004032C8 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004222D9 | 7_2_004222D9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00401689 | 7_2_00401689 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00402F60 | 7_2_00402F60 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_00406344 | 8_2_00406344 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_0040488F | 8_2_0040488F |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, | 0_2_004030D9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, | 4_2_004030D9 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle, | 7_2_00410DE1 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, | 8_2_004030D9 |
| Source: rquotation.exe, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
| Source: rquotation.exe, rquotation.exe, 00000006.00000002.3181880318.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
| Source: rquotation.exe, 00000004.00000002.3303086999.0000000037360000.00000040.10000000.00040000.00000000.sdmp, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
| Source: rquotation.exe, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
| Source: rquotation.exe, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
| Source: rquotation.exe, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
| Source: rquotation.exe, 00000005.00000002.3197958160.0000000002730000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
| Source: rquotation.exe, rquotation.exe, 00000005.00000002.3197320437.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: oleacc.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: shfolder.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: iconcodecservice.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windowscodecs.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: riched20.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: usp10.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msls31.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: pstorec.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: vaultcli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: pstorec.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: oleacc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: shfolder.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: iconcodecservice.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: windowscodecs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: riched20.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: usp10.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: msls31.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_10002D20 push eax; ret | 0_2_10002D4E |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374B1219 push esp; iretd | 4_2_374B121A |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374A2806 push ecx; ret | 4_2_374A2819 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044693D push ecx; ret | 5_2_0044694D |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044DB70 push eax; ret | 5_2_0044DB84 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0044DB70 push eax; ret | 5_2_0044DBAC |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_00451D54 push eax; ret | 5_2_00451D61 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0044B090 push eax; ret | 6_2_0044B0A4 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_0044B090 push eax; ret | 6_2_0044B0CC |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00451D34 push eax; ret | 6_2_00451D41 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00444E71 push ecx; ret | 6_2_00444E81 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00414060 push eax; ret | 7_2_00414074 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00414060 push eax; ret | 7_2_0041409C |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00414039 push ecx; ret | 7_2_00414049 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_004164EB push 0000006Ah; retf | 7_2_004165C4 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00416553 push 0000006Ah; retf | 7_2_004165C4 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00416555 push 0000006Ah; retf | 7_2_004165C4 |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_00405FFD FindFirstFileA,FindClose, | 0_2_00405FFD |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,LdrInitializeThunk,FindNextFileA,FindClose, | 0_2_0040559B |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 0_2_00402688 FindFirstFileA, | 0_2_00402688 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_00405FFD FindFirstFileA,FindClose, | 4_2_00405FFD |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_00402688 FindFirstFileA, | 4_2_00402688 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, | 4_2_0040559B |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374A10F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, | 4_2_374A10F1 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 4_2_374A6580 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,FindFirstFileExA, | 4_2_374A6580 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 5_2_0040AE51 FindFirstFileW,FindNextFileW, | 5_2_0040AE51 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 6_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen, | 6_2_00407EF8 |
| Source: C:\Users\user\Desktop\rquotation.exe | Code function: 7_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen, | 7_2_00407898 |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_00405FFD FindFirstFileA,FindClose, | 8_2_00405FFD |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, | 8_2_0040559B |
| Source: C:\Users\user\AppData\Local\Temp\Operagoer\Colonialises.exe | Code function: 8_2_00402688 FindFirstFileA, | 8_2_00402688 |
Edit tour
rquotation.exe (PID: 6648 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
