Source: | Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.28.dr |
Source: | Binary string: ucrtbase.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-memory-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr |
Source: | Binary string: api-ms-win-core-debug-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874674316.00000000200D4000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-synch-l1-1-0.dll.28.dr |
Source: | Binary string: vcruntime140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr |
Source: | Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.869027129.000000001F838000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr |
Source: | Binary string: api-ms-win-core-console-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000002.901129963.000000001F860000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-file-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876256297.000000001F478000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr |
Source: | Binary string: msvcp140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-profile-l1-1-0.dll.28.dr |
Source: | Binary string: ucrtbase.pdbUGP source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.870977200.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processenvironment-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.868789686.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.869710011.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-1.dll.28.dr |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-namedpipe-l1-1-0.dll.28.dr |
Source: | Binary string: vcruntime140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876736098.000000001F4B0000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-rtlsupport-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-string-l1-1-0.dll.28.dr |
Source: | Binary string: msvcp140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.871542123.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.28.dr |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 4x nop then mov ebx, ebx |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 5x nop then xor eax, 4C849A4Bh |
Source: Halkbank02.exe, 0000001C.00000002.899718241.000000001E420000.00000004.00000001.sdmp | String found in binary or memory: http://31.210.20.16/panel1/index.php |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ocsp.digicert.com0N |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: mozglue.dll.28.dr | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: http://www.mozilla.com0 |
Source: Halkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmp | String found in binary or memory: http://www.msn.com/de-ch/ |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Halkbank02.exe, 0000001C.00000002.901935442.000000001FCB0000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/chrome/thank-you.html |
Source: 204641256101765428455219.tmp.28.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: 28.2.Halkbank02.exe.1fcb3556.3.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 28.2.Halkbank02.exe.1fcb7b4f.5.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 28.2.Halkbank02.exe.1fcbc4bf.4.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 28.2.Halkbank02.exe.1fcb3556.3.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 28.2.Halkbank02.exe.1fcb7b4f.5.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 28.2.Halkbank02.exe.1fcbc4bf.4.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 00000001.00000002.559362429.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000000.235153506.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000001C.00000000.557106702.0000000000410000.00000020.00020000.sdmp, type: MEMORY | Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A0E15 NtWriteVirtualMemory,LoadLibraryA, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022AA2B9 NtWriteVirtualMemory,K32GetDeviceDriverBaseNameA, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A65A4 NtWriteVirtualMemory,NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A11E1 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022AA1D8 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A2024 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022AA254 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A52C8 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A50D3 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022AACD7 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A352D NtWriteVirtualMemory,LoadLibraryA, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A8D6F NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A5963 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A6781 NtWriteVirtualMemory,LoadLibraryA, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A85E3 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A4DF9 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A41F0 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A4DD3 NtWriteVirtualMemory, |
Source: api-ms-win-core-util-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-private-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l2-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-heap-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-localization-l1-2-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-console-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-math-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-filesystem-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-multibyte-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processthreads-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-time-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-debug-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-environment-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-locale-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-convert-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-conio-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l1-2-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-libraryloader-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processthreads-l1-1-1.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-errorhandling-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-profile-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processenvironment-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-handle-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-utility-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-string-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-string-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-datetime-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-timezone-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-heap-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-stdio-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-memory-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-sysinfo-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-synch-l1-2-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-interlocked-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-namedpipe-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-synch-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-process-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-runtime-l1-1-0.dll.28.dr | Static PE information: No import functions for PE file found |
Source: Halkbank02.exe, 00000001.00000000.235179747.0000000000418000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe |
Source: Halkbank02.exe, 00000001.00000002.562536410.0000000002180000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamemeduse.exeFE2XGeneral court% vs Halkbank02.exe |
Source: Halkbank02.exe | Binary or memory string: OriginalFilename vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameapisetstubj% vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenss3.dll0 vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenssdbm3.dll0 vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameucrtbase.dllj% vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamefreebl3.dll0 vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamemozglue.dll0 vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamemsvcp140.dll^ vs Halkbank02.exe |
Source: Halkbank02.exe, 0000001C.00000000.557120833.0000000000418000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe |
Source: Halkbank02.exe | Binary or memory string: OriginalFilenamemeduse.exe vs Halkbank02.exe |
Source: unknown | Process created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe' |
Source: C:\Users\user\Desktop\Halkbank02.exe | Process created: C:\Users\user\Desktop\Halkbank02.exe 'C:\Users\user\Desktop\Halkbank02.exe' |
Source: C:\Users\user\Desktop\Halkbank02.exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /c C:\Windows\system32\timeout.exe 3 & del 'Halkbank02.exe' |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3 |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: SELECT ALL id FROM %s; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nss3.dll.28.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-synch-l1-1-0.dll.28.dr |
Source: | Binary string: vcruntime140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, mozglue.dll.28.dr |
Source: | Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.869027129.000000001F838000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Halkbank02.exe, 0000001C.00000003.872382699.000000001EFC4000.00000004.00000001.sdmp, freebl3.dll.28.dr |
Source: | Binary string: api-ms-win-core-console-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000002.901129963.000000001F860000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-file-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874818070.00000000200E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876256297.000000001F478000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr |
Source: | Binary string: msvcp140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-profile-l1-1-0.dll.28.dr |
Source: | Binary string: ucrtbase.pdbUGP source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, ucrtbase.dll.28.dr |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.870977200.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-processenvironment-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.868789686.000000001F83C000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875685309.000000001F450000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875879103.000000001F458000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Halkbank02.exe, 0000001C.00000003.869710011.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, softokn3.dll.28.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Halkbank02.exe, api-ms-win-core-processthreads-l1-1-1.dll.28.dr |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-namedpipe-l1-1-0.dll.28.dr |
Source: | Binary string: vcruntime140.i386.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, vcruntime140.dll.28.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.881018739.000000001F820000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876736098.000000001F4B0000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-rtlsupport-l1-1-0.dll.28.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Halkbank02.exe, 0000001C.00000003.878215194.000000001F598000.00000004.00000001.sdmp, nssdbm3.dll.28.dr |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.875491758.000000001F448000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: Halkbank02.exe, api-ms-win-core-string-l1-1-0.dll.28.dr |
Source: | Binary string: msvcp140.i386.pdbGCTL source: Halkbank02.exe, 0000001C.00000003.876940692.000000001F530000.00000004.00000001.sdmp, msvcp140.dll.28.dr |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874899344.00000000200EC000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.876327978.000000001F490000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.874994667.000000001F404000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.871542123.000000001EFC0000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.28.dr |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Halkbank02.exe, 0000001C.00000003.872117132.000000001EFC4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.28.dr |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00403640 push 966DCA76h; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00405A45 push esp; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00403C65 push ds; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00405E73 push ds; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00404A75 push 7B3E4015h; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00407231 push esp; retf |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004080C5 push E868A7E5h; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00406ED7 push esi; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004082EB pushfd ; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004080ED push 7767F77Ch; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00408105 push 03C6A3FEh; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00407B29 pushfd ; retf |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004061DD push 22BD4488h; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A7409 pushfd ; iretd |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 28_3_1E531696 push cs; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 28_3_1E53394D push esi; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 28_3_1E53430B push cs; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 28_3_1E53298B pushad ; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 28_3_1E5323B5 push cs; ret |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\nss3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\Halkbank02.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Halkbank02.exe | RDTSC instruction interceptor: First address: 00000000022A8D64 second address: 00000000022A8D64 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 4EFDC464h 0x00000013 add eax, FD8ECE7Bh 0x00000018 add eax, EA37EE74h 0x0000001d sub eax, 36C48152h 0x00000022 cpuid 0x00000024 jmp 00007FC3FC368E9Dh 0x00000029 test cl, cl 0x0000002b bt ecx, 1Fh 0x0000002f jc 00007FC3FC369698h 0x00000035 test ebx, edx 0x00000037 push di 0x00000039 mov di, 231Dh 0x0000003d pop di 0x0000003f popad 0x00000040 cmp ecx, eax 0x00000042 call 00007FC3FC368F31h 0x00000047 lfence 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\Halkbank02.exe | RDTSC instruction interceptor: First address: 0000000000568D64 second address: 0000000000568D64 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 4EFDC464h 0x00000013 add eax, FD8ECE7Bh 0x00000018 add eax, EA37EE74h 0x0000001d sub eax, 36C48152h 0x00000022 cpuid 0x00000024 jmp 00007FC3FCB8A4CDh 0x00000029 test cl, cl 0x0000002b bt ecx, 1Fh 0x0000002f jc 00007FC3FCB8ACC8h 0x00000035 test ebx, edx 0x00000037 push di 0x00000039 mov di, 231Dh 0x0000003d pop di 0x0000003f popad 0x00000040 cmp ecx, eax 0x00000042 call 00007FC3FCB8A561h 0x00000047 lfence 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_00401500 mov ebx, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004020A7 mov ebx, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_004027DC mov ebx, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A88B2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A608C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A352D mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A9745 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A8150 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank02.exe | Code function: 1_2_022A41F0 mov eax, dword ptr fs:[00000030h] |