Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp, Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.934877979.00000000027C3000.00000004.00000001.sdmp, USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000003.899170983.0000000005111000.00000004.00000001.sdmp, USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp, USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.934934311.00000000027D1000.00000004.00000001.sdmp | String found in binary or memory: http://WuQXJFerpNu.net |
Source: Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: http://hHeaxI.com |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.934905842.00000000027C9000.00000004.00000001.sdmp | String found in binary or memory: http://mail.suncurepelletmill.com |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.934905842.00000000027C9000.00000004.00000001.sdmp | String found in binary or memory: http://suncurepelletmill.com |
Source: Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp, Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696849625.0000000002600000.00000004.00000001.sdmp, Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.disc8 |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696849625.0000000002600000.00000004.00000001.sdmp, Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discorda |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696849625.0000000002600000.00000004.00000001.sdmp, Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.c |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696849625.0000000002600000.00000004.00000001.sdmp, Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/a |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attac0 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachmen |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/7 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/77848 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/7784816176054 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/77848161760549277$ |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/77 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/779193 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/7791933544 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/77919335445784 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664/OwdH |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664/Owdprrr |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com/attachments/7784816178 |
Source: Owdpdrv.exe, 00000005.00000002.784138611.0000000004050000.00000004.00000001.sdmp | String found in binary or memory: https://discord.com/ |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp, Owdpdrv.exe, 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00408C60 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0040DC11 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00407C3F |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00418CCC |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00406CA0 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004028B0 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0041A4BE |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00418244 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00401650 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00402F20 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004193C4 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00418788 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00402F89 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00402B90 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004073A0 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00480040 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0048A4D8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0048CCF8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004895F8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00480D91 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00487048 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00493048 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0049BC78 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0049D988 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00498E00 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0049F220 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00493311 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00499CE8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0049AD80 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00814824 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00813028 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00818478 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00811560 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0081A8C8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00812FC8 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0081DF12 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0086B278 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00408C60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0040DC11 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00407C3F |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00418CCC |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00406CA0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_004028B0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0041A4BE |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00418244 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00401650 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00402F20 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_004193C4 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00418788 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00402F89 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00402B90 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_004073A0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_02170C56 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_02170C60 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_04F70040 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_04F7001F |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_04F79283 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_05A62FA0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_05A64EB0 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_05A62388 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_05A626D0 |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696671406.00000000023F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.698043220.000000007F470000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameygwxuBNDsCnleMFrPILFrkECdmuYRRQwMZPAraQ.exe4 vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.697939174.00000000046E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.696682355.0000000002410000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000001.00000002.697299189.0000000002AA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.927294895.000000000045A000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameygwxuBNDsCnleMFrPILFrkECdmuYRRQwMZPAraQ.exe4 vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000003.698959513.0000000000708000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename_.dll4 vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.930286972.00000000007F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.938935829.0000000005610000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.938230564.0000000004F30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.938190674.0000000004F20000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dllj% vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.927026885.0000000000198000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE, 00000002.00000002.939208870.0000000005920000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE |
Source: 00000005.00000002.783743346.0000000002C67000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
Source: 00000005.00000002.783743346.0000000002C67000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/ItsReallyNick/status/1176229087196696577, score = 27.09.2019 |
Source: 00000001.00000002.697786352.0000000002E07000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
Source: 00000001.00000002.697786352.0000000002E07000.00000020.00000001.sdmp, type: MEMORY | Matched rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/ItsReallyNick/status/1176229087196696577, score = 27.09.2019 |
Source: C:\Users\user\AppData\Local\pdwO.url, type: DROPPED | Matched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
Source: C:\Users\user\AppData\Local\pdwO.url, type: DROPPED | Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
Source: C:\Users\user\AppData\Local\pdwO.url, type: DROPPED | Matched rule: Methodology_Suspicious_Shortcut_IconNotFromExeOrDLLOrICO author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/ItsReallyNick/status/1176229087196696577, score = 27.09.2019 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0041C40C push cs; iretd |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00423149 push eax; ret |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0041C50E push cs; iretd |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004231C8 push eax; ret |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0040E21D push ecx; ret |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0041C6BE push ebx; ret |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00485E8F push edi; retn 0000h |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0041C40C push cs; iretd |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00423149 push eax; ret |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0041C50E push cs; iretd |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_004231C8 push eax; ret |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0040E21D push ecx; ret |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0041C6BE push ebx; ret |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_04F765C3 push eax; ret |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -4611686018427385s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7084 | Thread sleep count: 263 > 30 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7084 | Thread sleep count: 597 > 30 |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -30000s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -59406s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -52094s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -38094s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -58312s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -57406s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -56312s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -55406s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -55000s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -54812s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -54094s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -53906s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -53000s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -52812s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -52594s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -51906s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -51500s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE TID: 7068 | Thread sleep time: -51312s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 6756 | Thread sleep count: 471 > 30 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -58500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -57594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -56500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -55188s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -55000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -53688s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -53000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -52594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -51500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -50594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -49500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -48594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -47094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -44000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -43594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -43188s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -42688s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -42500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -42094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -41188s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -41000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -40500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -40094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -39688s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -39188s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -39000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -38594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -38094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -37500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -37000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -36594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -35500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -35094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -34594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -34000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -33500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -33094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -32688s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -32000s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -31594s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -31094s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -30688s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -30500s >= -30000s |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe TID: 7048 | Thread sleep time: -30000s >= -30000s |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Code function: 2_2_004123F1 SetUnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Code function: 11_2_004123F1 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: Yara match | File source: 0000000B.00000002.932033702.00000000021F4000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000003.767263953.00000000004C1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.935842915.0000000004F00000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.935435728.0000000003471000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.933607178.0000000002400000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.934613196.0000000003531000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.934476385.0000000002607000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.933886627.0000000002471000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.933280290.0000000002234000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.935490984.0000000004970000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.694028712.00000000006BD000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.937725779.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE PID: 4460, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Owdpdrv.exe PID: 4800, type: MEMORY |
Source: Yara match | File source: 11.2.Owdpdrv.exe.4f00000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE.4ec0000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE.2400000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE.2400000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.Owdpdrv.exe.4f00000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.Owdpdrv.exe.4970000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.Owdpdrv.exe.4970000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE.4ec0000.3.unpack, type: UNPACKEDPE |