| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+edx+10E8C126h] | 3_2_00411040 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov ecx, edi | 3_2_0042C080 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [ecx], bl | 3_2_00411640 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov eax, dword ptr [esp+58h] | 3_2_0040E82F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp word ptr [edi+ebx], 0000h | 3_2_0044D990 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], CA198B66h | 3_2_0042FA30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-7FFFFFFFh] | 3_2_0042FA30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx eax, di | 3_2_0042FA30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+4E5AD110h] | 3_2_0040DAC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00436C8E |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_00436D60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then push eax | 3_2_0040ED7F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-7FC4FC76h] | 3_2_00421EF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 64DAE379h | 3_2_00421EF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-7FC4FC82h] | 3_2_00421EF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 6D58C181h | 3_2_00421EF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov dword ptr [esp], ecx | 3_2_004380AC |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_004371CF |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 3_2_0040A340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 3_2_0040A340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edx+ecx*8], 7A542AABh | 3_2_0044E340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax-2Eh] | 3_2_0043137E |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax-2Eh] | 3_2_0043137E |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+04h] | 3_2_0043238F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00442440 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov dword ptr [esp], ecx | 3_2_0043644C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041D4F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp word ptr [esi+eax+02h], 0000h | 3_2_00429490 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h | 3_2_00429490 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-1530D448h] | 3_2_00421510 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+08h] | 3_2_00421510 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [edx+eax+013A68D0h] | 3_2_00433587 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov dword ptr [esp], ecx | 3_2_0043658C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 3_2_00436598 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edi+ecx*8], 744E5843h | 3_2_00449650 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax+0Ch] | 3_2_00413670 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [edx+eax+013A68D0h] | 3_2_0043360A |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h | 3_2_0043163A |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041D6D2 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 3_2_0040C6F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edx+ecx*8], 3FDB1228h | 3_2_00412723 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-7FCB06BCh] | 3_2_004327D4 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041D782 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0041D842 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-7FC4FC82h] | 3_2_00446850 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+edi+6A51526Ah] | 3_2_004278F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [edi], cl | 3_2_004369B3 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+08BE7850h] | 3_2_0044AA44 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov edx, ecx | 3_2_00433A4B |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx] | 3_2_0044EA50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-3ECF6056h] | 3_2_00425A00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [edi], cl | 3_2_00425A00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov word ptr [edi], cx | 3_2_00429A30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov ebp, eax | 3_2_00408AC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov word ptr [ebx], cx | 3_2_0042EA80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 93A82FD1h | 3_2_0041EB48 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov dword ptr [esi+0Ch], ecx | 3_2_00420B1E |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 3_2_0041BBD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ch] | 3_2_00449BA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DBBC |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then jmp ecx | 3_2_00423C80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then jmp ecx | 3_2_00423C95 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [esp], 00000000h | 3_2_00446D51 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 93A82FD1h | 3_2_0041ED5D |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [ebp+eax+00h] | 3_2_0040CE40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DE36 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_00436E39 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h] | 3_2_00445EC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_00433EE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DEF1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DEF1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DEF1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DEF1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then add edi, ecx | 3_2_0042EE93 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp word ptr [ebx+esi+02h], 0000h | 3_2_00428EA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov edx, dword ptr [esp+44h] | 3_2_00424F20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov edx, dword ptr [esp+44h] | 3_2_00424F29 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then cmp dword ptr [edx+ecx*8], 743EDB10h | 3_2_0044DFD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax-7FC4FC7Ah] | 3_2_0041DFE9 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov dword ptr [esp], ecx | 3_2_00437FFD |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax] | 3_2_00446F87 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx ecx, word ptr [ebp+eax+00h] | 3_2_00446F87 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+12h] | 3_2_00446F87 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 4x nop then mov byte ptr [esi], al | 3_2_00437F89 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
| Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
| Source: Aura.exe, 00000003.00000003.1449954436.0000000003913000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org?q= |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://astralconnec.icu/DPowko |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtabv209h |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://featureccus.shop/bdMAnM |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://featureccus.shop/l |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gemini.google.com/app?q= |
| Source: Aura.exe, 00000003.00000003.2198542182.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579059811.00000000013AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/ |
| Source: Aura.exe, 00000003.00000003.2198542182.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579059811.00000000013AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/P |
| Source: Aura.exe, 00000003.00000002.2579059811.00000000013AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/bdWUa |
| Source: Aura.exe, 00000003.00000003.2198542182.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579059811.00000000013AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu/cb |
| Source: Aura.exe, 00000003.00000002.2579588323.00000000038F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://jowinjoinery.icu:443/bdWUaicrosoft |
| Source: Aura.exe, 00000003.00000003.1425991879.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1509261866.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1534242372.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/ |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/8 |
| Source: Aura.exe, 00000003.00000003.1425991879.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/P=C: |
| Source: Aura.exe, 00000003.00000003.1425991879.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/Sb |
| Source: Aura.exe, 00000003.00000003.1509261866.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/Y |
| Source: Aura.exe, 00000003.00000003.1425991879.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/a |
| Source: Aura.exe, 00000003.00000003.1534242372.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzS |
| Source: Aura.exe, 00000003.00000003.1555362408.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1555401145.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1534242372.00000000013AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzSim |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/aNzSy |
| Source: Aura.exe, 00000003.00000003.2198542182.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579059811.00000000013AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top/p#b |
| Source: Aura.exe, 00000003.00000003.1449006745.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1425124973.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1423142277.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1508869079.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1424052324.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579588323.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1477825528.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1395874766.0000000001303000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1424492990.00000000038F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top:443/aNzS |
| Source: Aura.exe, 00000003.00000002.2579588323.00000000038F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top:443/aNzSMicrosoft |
| Source: Aura.exe, 00000003.00000003.1508869079.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2579588323.00000000038F4000.00000004.00000800.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1477825528.00000000038F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mrodularmall.top:443/aNzShv.default-release/key4.dbPK |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
| Source: Aura.exe, 00000003.00000003.1353557204.000000000133B000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1353634903.0000000001303000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1395874766.0000000001303000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/ |
| Source: Aura.exe, 00000003.00000003.1353519964.0000000001371000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2578727115.00000000012D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/asdawfq |
| Source: Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.org |
| Source: Aura.exe, 00000003.00000003.1353712898.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1353557204.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=534dbfa6f9df898e79_173770952914 |
| Source: Aura.exe, 00000003.00000003.1353712898.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1353557204.0000000001327000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/v20 |
| Source: Aura.exe, 00000003.00000003.1397442042.00000000038E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
| Source: Aura.exe, 00000003.00000003.1451593904.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A54D60 | 0_2_00A54D60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A91EE0 | 0_2_00A91EE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A926F0 | 0_2_00A926F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5C0A0 | 0_2_00A5C0A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A858A0 | 0_2_00A858A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A868A0 | 0_2_00A868A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA28A0 | 0_2_00AA28A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB78A0 | 0_2_00AB78A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6D8E0 | 0_2_00A6D8E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A898F0 | 0_2_00A898F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A918F0 | 0_2_00A918F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB88F0 | 0_2_00AB88F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6E0D0 | 0_2_00A6E0D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAD0D0 | 0_2_00AAD0D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A68020 | 0_2_00A68020 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A78020 | 0_2_00A78020 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA9030 | 0_2_00AA9030 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A64810 | 0_2_00A64810 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8A816 | 0_2_00A8A816 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A59860 | 0_2_00A59860 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5D870 | 0_2_00A5D870 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6D070 | 0_2_00A6D070 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A60070 | 0_2_00A60070 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAA073 | 0_2_00AAA073 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AD5072 | 0_2_00AD5072 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8E050 | 0_2_00A8E050 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAA1BB | 0_2_00AAA1BB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A67980 | 0_2_00A67980 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5E9E0 | 0_2_00A5E9E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA59E0 | 0_2_00AA59E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AD31F8 | 0_2_00AD31F8 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAD9C0 | 0_2_00AAD9C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00ABA9C0 | 0_2_00ABA9C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7F920 | 0_2_00A7F920 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A65130 | 0_2_00A65130 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A85130 | 0_2_00A85130 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5C90C | 0_2_00A5C90C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A9C910 | 0_2_00A9C910 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A56119 | 0_2_00A56119 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A77160 | 0_2_00A77160 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8D160 | 0_2_00A8D160 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A62940 | 0_2_00A62940 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A90140 | 0_2_00A90140 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8C150 | 0_2_00A8C150 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A59AA0 | 0_2_00A59AA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB92A0 | 0_2_00AB92A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7EAB0 | 0_2_00A7EAB0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7D2B0 | 0_2_00A7D2B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A9C2B0 | 0_2_00A9C2B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB62B0 | 0_2_00AB62B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A57280 | 0_2_00A57280 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB4A80 | 0_2_00AB4A80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A88290 | 0_2_00A88290 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAC290 | 0_2_00AAC290 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6F2F0 | 0_2_00A6F2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6A2F0 | 0_2_00A6A2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7A2F0 | 0_2_00A7A2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A84AF0 | 0_2_00A84AF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A76A20 | 0_2_00A76A20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A9EA20 | 0_2_00A9EA20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A60A10 | 0_2_00A60A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A70A10 | 0_2_00A70A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB0A10 | 0_2_00AB0A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6FA40 | 0_2_00A6FA40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A74A40 | 0_2_00A74A40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A87240 | 0_2_00A87240 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5AA4A | 0_2_00A5AA4A |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A67250 | 0_2_00A67250 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A72BA0 | 0_2_00A72BA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A9D3A0 | 0_2_00A9D3A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA93B9 | 0_2_00AA93B9 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A58BB0 | 0_2_00A58BB0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAD3B0 | 0_2_00AAD3B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A62380 | 0_2_00A62380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A70380 | 0_2_00A70380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7C380 | 0_2_00A7C380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8FB80 | 0_2_00A8FB80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAB380 | 0_2_00AAB380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB5B80 | 0_2_00AB5B80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00ABA39F | 0_2_00ABA39F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00ABD3E8 | 0_2_00ABD3E8 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A793D0 | 0_2_00A793D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A85BD0 | 0_2_00A85BD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A57B21 | 0_2_00A57B21 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A63B20 | 0_2_00A63B20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7FB30 | 0_2_00A7FB30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A71330 | 0_2_00A71330 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A94B00 | 0_2_00A94B00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6EB10 | 0_2_00A6EB10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7E310 | 0_2_00A7E310 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A85360 | 0_2_00A85360 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB0360 | 0_2_00AB0360 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6D340 | 0_2_00A6D340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A75B40 | 0_2_00A75B40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A82350 | 0_2_00A82350 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A93B50 | 0_2_00A93B50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA4350 | 0_2_00AA4350 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5FCA0 | 0_2_00A5FCA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A804A0 | 0_2_00A804A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A904B0 | 0_2_00A904B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAACB0 | 0_2_00AAACB0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAE480 | 0_2_00AAE480 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB2480 | 0_2_00AB2480 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA8C90 | 0_2_00AA8C90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA94EB | 0_2_00AA94EB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6CCE0 | 0_2_00A6CCE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A734E0 | 0_2_00A734E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A834E0 | 0_2_00A834E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A61CF0 | 0_2_00A61CF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A84CF0 | 0_2_00A84CF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A94CF0 | 0_2_00A94CF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA04F0 | 0_2_00AA04F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A81CC0 | 0_2_00A81CC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA6CC4 | 0_2_00AA6CC4 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8BC20 | 0_2_00A8BC20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A84430 | 0_2_00A84430 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A64400 | 0_2_00A64400 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA9C00 | 0_2_00AA9C00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A96C10 | 0_2_00A96C10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7CC70 | 0_2_00A7CC70 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A89C70 | 0_2_00A89C70 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5C44A | 0_2_00A5C44A |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A69DA0 | 0_2_00A69DA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AC1DAA | 0_2_00AC1DAA |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A575B0 | 0_2_00A575B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA6D8B | 0_2_00AA6D8B |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7DD90 | 0_2_00A7DD90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A70590 | 0_2_00A70590 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00ABA590 | 0_2_00ABA590 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A62DE0 | 0_2_00A62DE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA5DE0 | 0_2_00AA5DE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB85E0 | 0_2_00AB85E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A585F0 | 0_2_00A585F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5E5C0 | 0_2_00A5E5C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A62530 | 0_2_00A62530 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AC7D10 | 0_2_00AC7D10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A66560 | 0_2_00A66560 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5BD40 | 0_2_00A5BD40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A74540 | 0_2_00A74540 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB7D40 | 0_2_00AB7D40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A76D50 | 0_2_00A76D50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5A55B | 0_2_00A5A55B |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7EE80 | 0_2_00A7EE80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA2E80 | 0_2_00AA2E80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A56E90 | 0_2_00A56E90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7FE90 | 0_2_00A7FE90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB3E90 | 0_2_00AB3E90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5CEE0 | 0_2_00A5CEE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A536F0 | 0_2_00A536F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A83ED0 | 0_2_00A83ED0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A75E20 | 0_2_00A75E20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A87630 | 0_2_00A87630 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A87E30 | 0_2_00A87E30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB4630 | 0_2_00AB4630 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A57E00 | 0_2_00A57E00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A60600 | 0_2_00A60600 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7C600 | 0_2_00A7C600 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A73E00 | 0_2_00A73E00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB4E68 | 0_2_00AB4E68 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A85E70 | 0_2_00A85E70 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA8E40 | 0_2_00AA8E40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB0640 | 0_2_00AB0640 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A9A650 | 0_2_00A9A650 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA9FAB | 0_2_00AA9FAB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8A7A0 | 0_2_00A8A7A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA87A0 | 0_2_00AA87A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAA7A0 | 0_2_00AAA7A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A657B0 | 0_2_00A657B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAB7B0 | 0_2_00AAB7B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A61F80 | 0_2_00A61F80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AB9780 | 0_2_00AB9780 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7A790 | 0_2_00A7A790 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A797E0 | 0_2_00A797E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A7CFE0 | 0_2_00A7CFE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA37E0 | 0_2_00AA37E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6FFC0 | 0_2_00A6FFC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A87FC0 | 0_2_00A87FC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A547D0 | 0_2_00A547D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6F7D0 | 0_2_00A6F7D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A73FD0 | 0_2_00A73FD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A93720 | 0_2_00A93720 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A6C730 | 0_2_00A6C730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8E730 | 0_2_00A8E730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA4730 | 0_2_00AA4730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA5700 | 0_2_00AA5700 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5AF10 | 0_2_00A5AF10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A57F10 | 0_2_00A57F10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A82F10 | 0_2_00A82F10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A8B710 | 0_2_00A8B710 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A95F10 | 0_2_00A95F10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA3F60 | 0_2_00AA3F60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A74770 | 0_2_00A74770 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAE770 | 0_2_00AAE770 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AA9F4C | 0_2_00AA9F4C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00A5F750 | 0_2_00A5F750 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAF750 | 0_2_00AAF750 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 0_2_00AAFF50 | 0_2_00AAFF50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5C0A0 | 2_2_00A5C0A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A560A0 | 2_2_00A560A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A858A0 | 2_2_00A858A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A868A0 | 2_2_00A868A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA28A0 | 2_2_00AA28A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB78A0 | 2_2_00AB78A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6D8E0 | 2_2_00A6D8E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A898F0 | 2_2_00A898F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A918F0 | 2_2_00A918F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB88F0 | 2_2_00AB88F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6E0D0 | 2_2_00A6E0D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAD0D0 | 2_2_00AAD0D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A68020 | 2_2_00A68020 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A78020 | 2_2_00A78020 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA9030 | 2_2_00AA9030 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A64810 | 2_2_00A64810 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8A816 | 2_2_00A8A816 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A59860 | 2_2_00A59860 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5D870 | 2_2_00A5D870 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6D070 | 2_2_00A6D070 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A60070 | 2_2_00A60070 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AD5072 | 2_2_00AD5072 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8E050 | 2_2_00A8E050 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A67980 | 2_2_00A67980 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A92195 | 2_2_00A92195 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5E9E0 | 2_2_00A5E9E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA59E0 | 2_2_00AA59E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AD31F8 | 2_2_00AD31F8 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAD9C0 | 2_2_00AAD9C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00ABA9C0 | 2_2_00ABA9C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A65130 | 2_2_00A65130 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A85130 | 2_2_00A85130 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A9C910 | 2_2_00A9C910 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A77160 | 2_2_00A77160 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8D160 | 2_2_00A8D160 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A62940 | 2_2_00A62940 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A90140 | 2_2_00A90140 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8C150 | 2_2_00A8C150 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A59AA0 | 2_2_00A59AA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7EAB1 | 2_2_00A7EAB1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7D2B0 | 2_2_00A7D2B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A9C2B0 | 2_2_00A9C2B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A57A80 | 2_2_00A57A80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A57280 | 2_2_00A57280 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB4A80 | 2_2_00AB4A80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A88290 | 2_2_00A88290 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAC290 | 2_2_00AAC290 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6F2F0 | 2_2_00A6F2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6A2F0 | 2_2_00A6A2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7A2F0 | 2_2_00A7A2F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A84AF0 | 2_2_00A84AF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A76A20 | 2_2_00A76A20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A9EA20 | 2_2_00A9EA20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A60A10 | 2_2_00A60A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A70A10 | 2_2_00A70A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB0A10 | 2_2_00AB0A10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA7260 | 2_2_00AA7260 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6FA40 | 2_2_00A6FA40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A74A40 | 2_2_00A74A40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A87240 | 2_2_00A87240 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A67250 | 2_2_00A67250 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A72BA0 | 2_2_00A72BA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A9D3A0 | 2_2_00A9D3A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A58BB0 | 2_2_00A58BB0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5C3B0 | 2_2_00A5C3B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAD3B0 | 2_2_00AAD3B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A62380 | 2_2_00A62380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7C380 | 2_2_00A7C380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A70380 | 2_2_00A70380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8FB80 | 2_2_00A8FB80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAB380 | 2_2_00AAB380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB5B80 | 2_2_00AB5B80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00ABD3E8 | 2_2_00ABD3E8 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5ABC0 | 2_2_00A5ABC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A793D0 | 2_2_00A793D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A85BD0 | 2_2_00A85BD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A63B20 | 2_2_00A63B20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A71330 | 2_2_00A71330 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7FB30 | 2_2_00A7FB30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA9330 | 2_2_00AA9330 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A94B00 | 2_2_00A94B00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00ABA300 | 2_2_00ABA300 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6EB10 | 2_2_00A6EB10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A85360 | 2_2_00A85360 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB0360 | 2_2_00AB0360 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6D340 | 2_2_00A6D340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A75B40 | 2_2_00A75B40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A82350 | 2_2_00A82350 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A93B50 | 2_2_00A93B50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA4350 | 2_2_00AA4350 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5FCA0 | 2_2_00A5FCA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A904B0 | 2_2_00A904B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAACB0 | 2_2_00AAACB0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAE480 | 2_2_00AAE480 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB2480 | 2_2_00AB2480 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA8C90 | 2_2_00AA8C90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6CCE0 | 2_2_00A6CCE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A734E0 | 2_2_00A734E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A834E0 | 2_2_00A834E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5A4F0 | 2_2_00A5A4F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A61CF0 | 2_2_00A61CF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A94CF0 | 2_2_00A94CF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA04F0 | 2_2_00AA04F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A81CC0 | 2_2_00A81CC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8BC20 | 2_2_00A8BC20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA6C20 | 2_2_00AA6C20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A84430 | 2_2_00A84430 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A64400 | 2_2_00A64400 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA9C00 | 2_2_00AA9C00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A96C10 | 2_2_00A96C10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A89C70 | 2_2_00A89C70 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A69DA0 | 2_2_00A69DA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AC1DAA | 2_2_00AC1DAA |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A575B0 | 2_2_00A575B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A70590 | 2_2_00A70590 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00ABA590 | 2_2_00ABA590 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A62DE0 | 2_2_00A62DE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA5DE0 | 2_2_00AA5DE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB85E0 | 2_2_00AB85E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A585F0 | 2_2_00A585F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5E5C0 | 2_2_00A5E5C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A62530 | 2_2_00A62530 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AC7D10 | 2_2_00AC7D10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A54D60 | 2_2_00A54D60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A66560 | 2_2_00A66560 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5BD40 | 2_2_00A5BD40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A74540 | 2_2_00A74540 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB7D40 | 2_2_00AB7D40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A76D50 | 2_2_00A76D50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7EE81 | 2_2_00A7EE81 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA2E80 | 2_2_00AA2E80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A56E90 | 2_2_00A56E90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB3E90 | 2_2_00AB3E90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5CEE0 | 2_2_00A5CEE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A536F0 | 2_2_00A536F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A926F0 | 2_2_00A926F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A83ED0 | 2_2_00A83ED0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A75E20 | 2_2_00A75E20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A87630 | 2_2_00A87630 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A87E30 | 2_2_00A87E30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB4630 | 2_2_00AB4630 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A57E00 | 2_2_00A57E00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A60600 | 2_2_00A60600 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7C600 | 2_2_00A7C600 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A73E00 | 2_2_00A73E00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB4E68 | 2_2_00AB4E68 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A85E70 | 2_2_00A85E70 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA8E40 | 2_2_00AA8E40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AB0640 | 2_2_00AB0640 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A9A650 | 2_2_00A9A650 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8A7A0 | 2_2_00A8A7A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA87A0 | 2_2_00AA87A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAA7A0 | 2_2_00AAA7A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A657B0 | 2_2_00A657B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAB7B0 | 2_2_00AAB7B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A61F80 | 2_2_00A61F80 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7A790 | 2_2_00A7A790 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A7CFE0 | 2_2_00A7CFE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A797E0 | 2_2_00A797E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA37E0 | 2_2_00AA37E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6FFC0 | 2_2_00A6FFC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A87FC0 | 2_2_00A87FC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A547D0 | 2_2_00A547D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6F7D0 | 2_2_00A6F7D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A73FD0 | 2_2_00A73FD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A93720 | 2_2_00A93720 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A6C730 | 2_2_00A6C730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8E730 | 2_2_00A8E730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA4730 | 2_2_00AA4730 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA9F00 | 2_2_00AA9F00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA5700 | 2_2_00AA5700 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5AF10 | 2_2_00A5AF10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A57F10 | 2_2_00A57F10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A8B710 | 2_2_00A8B710 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A95F10 | 2_2_00A95F10 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AA3F60 | 2_2_00AA3F60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A74770 | 2_2_00A74770 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAE770 | 2_2_00AAE770 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00A5F750 | 2_2_00A5F750 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAF750 | 2_2_00AAF750 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 2_2_00AAFF50 | 2_2_00AAFF50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0042C080 | 3_2_0042C080 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044F1D0 | 3_2_0044F1D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004452C0 | 3_2_004452C0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00428570 | 3_2_00428570 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004375EB | 3_2_004375EB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044E6D0 | 3_2_0044E6D0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040E82F | 3_2_0040E82F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041695B | 3_2_0041695B |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0042FA30 | 3_2_0042FA30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044DAC0 | 3_2_0044DAC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040BB90 | 3_2_0040BB90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044EC20 | 3_2_0044EC20 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00436D60 | 3_2_00436D60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041EECC | 3_2_0041EECC |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00444EE0 | 3_2_00444EE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00421EF0 | 3_2_00421EF0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00448F30 | 3_2_00448F30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00401040 | 3_2_00401040 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044D050 | 3_2_0044D050 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00430020 | 3_2_00430020 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044D0F0 | 3_2_0044D0F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043E092 | 3_2_0043E092 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00421094 | 3_2_00421094 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043C10C | 3_2_0043C10C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004101B0 | 3_2_004101B0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00446240 | 3_2_00446240 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00426220 | 3_2_00426220 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004302C1 | 3_2_004302C1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043B2DE | 3_2_0043B2DE |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004242E0 | 3_2_004242E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040A340 | 3_2_0040A340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044E340 | 3_2_0044E340 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040C360 | 3_2_0040C360 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044D380 | 3_2_0044D380 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043238F | 3_2_0043238F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043644C | 3_2_0043644C |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043E4EB | 3_2_0043E4EB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040F4FC | 3_2_0040F4FC |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00444480 | 3_2_00444480 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00429490 | 3_2_00429490 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040D540 | 3_2_0040D540 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00403560 | 3_2_00403560 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00409560 | 3_2_00409560 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00421510 | 3_2_00421510 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00433520 | 3_2_00433520 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044D580 | 3_2_0044D580 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00413670 | 3_2_00413670 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043D6D2 | 3_2_0043D6D2 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004446E0 | 3_2_004446E0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041F6E9 | 3_2_0041F6E9 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040C6F0 | 3_2_0040C6F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041F68B | 3_2_0041F68B |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004176B3 | 3_2_004176B3 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00410700 | 3_2_00410700 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043D712 | 3_2_0043D712 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004047E2 | 3_2_004047E2 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004027A0 | 3_2_004027A0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00438809 | 3_2_00438809 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_004278F0 | 3_2_004278F0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043C905 | 3_2_0043C905 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00431934 | 3_2_00431934 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044AA44 | 3_2_0044AA44 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00425A00 | 3_2_00425A00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00408AC0 | 3_2_00408AC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043FAE0 | 3_2_0043FAE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041EB48 | 3_2_0041EB48 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00402B50 | 3_2_00402B50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043EBE7 | 3_2_0043EBE7 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00449BA0 | 3_2_00449BA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00431C50 | 3_2_00431C50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00424C00 | 3_2_00424C00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00430CC8 | 3_2_00430CC8 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00442CE4 | 3_2_00442CE4 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044ACF4 | 3_2_0044ACF4 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043ACFB | 3_2_0043ACFB |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041BC90 | 3_2_0041BC90 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040FCA0 | 3_2_0040FCA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040AD40 | 3_2_0040AD40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041CD4F | 3_2_0041CD4F |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044CD60 | 3_2_0044CD60 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0042CD11 | 3_2_0042CD11 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043FDC0 | 3_2_0043FDC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00407DD0 | 3_2_00407DD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0040CE40 | 3_2_0040CE40 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044CE50 | 3_2_0044CE50 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00443E2E | 3_2_00443E2E |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0042EE30 | 3_2_0042EE30 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00411E3A | 3_2_00411E3A |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00445EC0 | 3_2_00445EC0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0043CEE0 | 3_2_0043CEE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0041DEF1 | 3_2_0041DEF1 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00428EA0 | 3_2_00428EA0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00403F00 | 3_2_00403F00 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00424F29 | 3_2_00424F29 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0044DFD0 | 3_2_0044DFD0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00408FE0 | 3_2_00408FE0 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00437FFD | 3_2_00437FFD |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_00446F87 | 3_2_00446F87 |
| Source: C:\Users\user\Desktop\Aura.exe | Code function: 3_2_0042AF8B | 3_2_0042AF8B |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.000000000392D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p |
| Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Aura.exe, 00000003.00000003.1353712898.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1484274331.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2578879535.000000000132B000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1554970055.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1509341317.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1353557204.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1483876553.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.2198771625.000000000132A000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2578727115.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.2198373308.0000000001327000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
| Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o |
| Source: Aura.exe, 00000003.00000003.1353712898.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1484274331.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000002.2578879535.000000000132B000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1554970055.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1509341317.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1353557204.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1395874766.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.1483876553.0000000001327000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.2198771625.000000000132A000.00000004.00000020.00020000.00000000.sdmp, Aura.exe, 00000003.00000003.2198373308.0000000001327000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWyk! |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1 |
| Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
| Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
| Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware PCI VMCI Bus Device |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware VMCI Bus Device |
| Source: Amcache.hve.LOG1.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.24224532.B64.2408191502,BiosReleaseDate:08/19/2024,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin |
| Source: Amcache.hve.LOG1.6.dr | Binary or memory string: VMware, Inc. |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@ |
| Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
| Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
| Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
| Source: Amcache.hve.LOG1.6.dr | Binary or memory string: VMware Virtual RAMX |
| Source: Amcache.hve.6.dr | Binary or memory string: VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93 |
| Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin` |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
| Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
| Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
| Source: Aura.exe, 00000003.00000003.1425430503.0000000003928000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
| Source: C:\Users\user\Desktop\Aura.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Edit tour
Aura.exe (PID: 8488 cmdline: 
conhost.exe (PID: 8496 cmdline: 
WerFault.exe (PID: 8648 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
