Source: 0.2.file.exe.1840e50.1.raw.unpack | Malware Configuration Extractor: Cryptbot {"Download URL": "http://bojwfi01.top/download.php?file=lv.exe", "C2 list": ["moresh01.top/index.php", "cemnit12.top/index.php"]} |
Source: http://bojwfi01.top/download.php?file=lv.exe | Avira URL Cloud: Label: malware |
Source: moresh01.top/index.php | Avira URL Cloud: Label: malware |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00401220 GetFileAttributesW,CreateFileW,GetFileSizeEx,CloseHandle,CreateFileMappingW,MapViewOfFile,CloseHandle,CloseHandle,CryptUnprotectData,LocalFree,UnmapViewOfFile,CloseHandle,FindCloseChangeNotification,CloseHandle, | 0_2_00401220 |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Temp | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local | Jump to behavior |
Source: Malware configuration extractor | URLs: moresh01.top/index.php |
Source: Malware configuration extractor | URLs: cemnit12.top/index.php |
Source: file.exe, file.exe, 00000000.00000003.666994856.0000000003360000.00000004.00000001.sdmp | String found in binary or memory: http://bojwfi01.top/download.php?file=lv.exe |
Source: file.exe, 00000000.00000002.930560853.0000000003F08000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/in-k |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php# |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php#An |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php& |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php0 |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php7 |
Source: file.exe, 00000000.00000002.929909251.00000000019FC000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.php?J |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpB |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpF |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpFB |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpMB |
Source: file.exe, 00000000.00000002.929983814.0000000001A43000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpP |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpPB |
Source: file.exe, 00000000.00000002.930535454.0000000003ED8000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpQ |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpWB |
Source: file.exe, 00000000.00000002.930014729.0000000001A7C000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpX |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpZB |
Source: file.exe, 00000000.00000002.930014729.0000000001A7C000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpb |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpe |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpeB |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phphB |
Source: file.exe, 00000000.00000002.929909251.00000000019FC000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpl |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpoB |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phprB |
Source: file.exe, 00000000.00000002.930031253.0000000001A88000.00000004.00000001.sdmp | String found in binary or memory: http://cemnit12.top/index.phpyB |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: file.exe, 00000000.00000003.670329414.0000000001A36000.00000004.00000001.sdmp, default_webdata.db.0.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
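The memory-string hits above are the configured C2 and download URLs with a few trailing bytes that the string scanner swept up from neighbouring memory (`index.phpFB`, `index.php#An`), one truncated copy (`/in-k`), and search-engine templates that come from the staged `default_webdata.db` rather than from any infrastructure. Added example, not part of the sandbox report or the sample: a small Python triage routine that collapses such hits to canonical endpoints, checks them against the extracted configuration, and separates partial hits on a known C2 host from unrelated URLs. The sample strings and the endpoint shapes (`/index.php` for check-in, `/download.php?file=` for the payload) are taken from this report; the regex and the bucket names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Extracted configuration as reported by the sandbox's Cryptbot config extractor.
CONFIG = {
    "Download URL": "http://bojwfi01.top/download.php?file=lv.exe",
    "C2 list": ["moresh01.top/index.php", "cemnit12.top/index.php"],
}

# Constructed subset of the memory-string hits listed in the report: the same
# URLs with trailing junk bytes, one truncated copy, and a search-engine
# template that originates from the staged browser database.
SAMPLE_STRINGS = [
    "http://bojwfi01.top/download.php?file=lv.exe",
    "http://cemnit12.top/in-k",
    "http://cemnit12.top/index.php",
    "http://cemnit12.top/index.php#An",
    "http://cemnit12.top/index.php?J",
    "http://cemnit12.top/index.phpFB",
    "http://cemnit12.top/index.phpyB",
    "https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=",
]

# Endpoint shapes taken from the extracted config (assumed to be the only two
# this family uses). Anchored with match() so anything after the known path
# (junk bytes, fragments) is cut off instead of producing a "new" URL.
ENDPOINT_RE = re.compile(
    r"(?P<scheme>https?)://(?P<host>[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})/"
    r"(?P<path>index\.php|download\.php\?file=[A-Za-z0-9_.-]+)",
    re.I,
)


def _with_scheme(url):
    return url if "://" in url else "http://" + url


def config_hosts(config):
    """Hostnames of every endpoint in the extracted configuration."""
    urls = [config["Download URL"], *config["C2 list"]]
    return {urlsplit(_with_scheme(u)).hostname for u in urls}


def canonicalize(s):
    """Map one string hit to ('c2'|'download', canonical URL), or None."""
    m = ENDPOINT_RE.match(s)
    if not m:
        return None
    kind = "c2" if m.group("path").lower() == "index.php" else "download"
    return kind, f"{m.group('scheme')}://{m.group('host')}/{m.group('path')}"


def triage(strings, config):
    """Bucket memory-string hits: canonical C2/download URLs, partial hits on
    a configured host (truncated strings), noise, and configured hosts that
    never showed up as a string at all."""
    known = config_hosts(config)
    out = {"c2": set(), "download": set(), "partial": set(), "ignored": []}
    for s in strings:
        hit = canonicalize(s)
        if hit:
            out[hit[0]].add(hit[1])
            continue
        host = urlsplit(s).hostname if "://" in s else None
        if host in known:
            out["partial"].add(s)      # e.g. "http://cemnit12.top/in-k"
        else:
            out["ignored"].append(s)   # stolen-data strings, not infrastructure
    seen = {urlsplit(u).hostname for u in out["c2"] | out["download"]}
    out["unseen_config_hosts"] = known - seen
    return out


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_STRINGS, CONFIG).items():
        print(bucket, sorted(items))
```

The `unseen_config_hosts` bucket is the useful one when building a blocklist: a configured C2 (`moresh01.top` here) that never appears as a runtime string still belongs in the indicator set, and the extractor output, not the string dump, is the authoritative source for it.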
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040DB70 CreateFileW,CreateDirectoryW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,GetModuleFileNameW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,ExpandEnvironmentStringsW,GetFileAttributesW,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoW,LocalFree,_strftime,_strftime,GetUserNameW,GetComputerNameW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CopyFileW,CreateDirectoryW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,Sleep,Sleep,Sleep,Sleep,Sleep,ExpandEnvironmentStringsW,DeleteFileW,Sleep,URLDownloadToFileW,Sleep,CreateFileW,CloseHandle,ShellExecuteW, | 0_2_0040DB70 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040AD20 RegQueryValueExW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,GdiplusShutdown,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,DeleteObject,GdiplusShutdown,CopyFileW, | 0_2_0040AD20 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00414000 | 0_2_00414000 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0041B72F | 0_2_0041B72F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004138F0 | 0_2_004138F0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0043030F | 0_2_0043030F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004223F0 | 0_2_004223F0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00420429 | 0_2_00420429 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0043042F | 0_2_0043042F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0041B4FD | 0_2_0041B4FD |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00413580 | 0_2_00413580 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004327BD | 0_2_004327BD |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00433800 | 0_2_00433800 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0041B994 | 0_2_0041B994 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00411A10 | 0_2_00411A10 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0042DAF1 | 0_2_0042DAF1 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00410E50 | 0_2_00410E50 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0044EA80 | 0_2_0044EA80 |
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0040F2F0 appears 57 times | |
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00416C70 appears 50 times | |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files\_Files | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files\_Wallet | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files\_Chrome | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files\_Opera | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \_Files\_Brave | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \files_ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \files_\files | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \files_\_Chrome | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \files_\_Opera | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: \files_\_Brave | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: %Temp%\ | 0_2_00415BF0 |
Source: C:\Users\user\Desktop\file.exe | Command line argument: >.C | 0_2_00432D90 |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0043668D push esi; ret | 0_2_00436696 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00408A6A push 48680000h; ret | 0_2_00408A77 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00416CB6 push ecx; ret | 0_2_00416CC9 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_019DB1DD pushad ; iretd | 0_2_019DB1DE |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040A6E3 GetFileAttributesW,GetFileAttributesW,GetSystemInfo,KiUserCallbackDispatcher,GlobalMemoryStatusEx,RegOpenKeyExW,RegQueryValueExW,RegCloseKey, | 0_2_0040A6E3 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0041D1DD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0041D1DD |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00416A61 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00416A61 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00416BF7 SetUnhandledExceptionFilter, | 0_2_00416BF7 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00416E3D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00416E3D |
Source: file.exe, 00000000.00000002.930113974.0000000001F50000.00000002.00020000.sdmp | Binary or memory string: Program Manager |
Source: file.exe, 00000000.00000002.930113974.0000000001F50000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: file.exe, 00000000.00000002.930113974.0000000001F50000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: file.exe, 00000000.00000002.930113974.0000000001F50000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Chrome\default_cookies.db VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Chrome\default_key.bin VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Chrome\default_logins.db VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Chrome\default_webdata.db VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Information.txt VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files\_Screen_Desktop.jpeg VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Code function: CreateFileW,CreateDirectoryW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,GetModuleFileNameW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,ExpandEnvironmentStringsW,GetFileAttributesW,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoW,LocalFree,_strftime,_strftime,GetUserNameW,GetComputerNameW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CopyFileW,CreateDirectoryW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,ExpandEnvironmentStringsW,Sleep,Sleep,Sleep,Sleep,Sleep,ExpandEnvironmentStringsW,DeleteFileW,Sleep,URLDownloadToFileW,Sleep,CreateFileW,CloseHandle,ShellExecuteW, | 0_2_0040DB70 |
Source: C:\Users\user\Desktop\file.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00413A40 SetFilePointer,SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, | 0_2_00413A40 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0040AA30 GetFileAttributesW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,RegCloseKey,RegOpenKeyExW,RegCloseKey,GetUserNameW,ExpandEnvironmentStringsW,CreateDirectoryW,Sleep, | 0_2_0040AA30 |
Source: Yara match | File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1840e50.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.file.exe.3360000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1840e50.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.file.exe.3360000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.666994856.0000000003360000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.929802806.0000000001840000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.929594713.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: file.exe PID: 5940, type: MEMORYSTR |
Source: file.exe | String found in binary or memory: %AppData%\Electrum-btcp\wallets |
Source: file.exe | String found in binary or memory: %AppData%\ElectronCash\wallets |
Source: file.exe | String found in binary or memory: %AppData%\Jaxx\Local Storage |
Source: file.exe | String found in binary or memory: %AppData%\Exodus\backup |
Source: file.exe | String found in binary or memory: %AppData%\Exodus\backup |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
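The file-open records above (Chrome `Login Data`, `Cookies` and `Web Data`, a run of `Local Extension Settings\<id>` directories, Firefox `profiles.ini`) together with the staging files written under `%Temp%\sqBlhapfmZnM\_Files` earlier in the report are the host-side footprint of this stealer. Added example, not part of the sandbox report or the sample: a Python detector run over constructed file-open events built from this report's paths. It flags (1) the staging layout (`_Information.txt`, `_Screen_Desktop.jpeg`, `_Chrome\default_*.db`, `default_key.bin` under a random-named `%Temp%` directory), (2) browser credential and cookie stores opened by a process that is not a browser, and (3) several per-extension storage directories opened by a non-browser. The browser allow-list, the thresholds and the event format are assumptions; in practice the input would be EDR or Sysmon file events. The extension IDs are used only as opaque identifiers, as in the report.

```python
import re
from collections import defaultdict

# Processes expected to touch their own credential stores and extension storage
# (assumed allow-list for this example).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}

# Staging layout from this report: %Temp%\<random>\_Files\... ("files_" is the
# alternate spelling carried in the binary's path fragments).
STAGING_ROOT = re.compile(r"\\Temp\\[A-Za-z0-9]+\\(?:_Files|files_)\\", re.I)
STAGING_ARTEFACTS = (
    re.compile(r"\\_Information\.txt$", re.I),
    re.compile(r"\\_Screen_Desktop\.jpeg$", re.I),
    re.compile(r"\\_Chrome\\default_(?:cookies|logins|webdata)\.db$", re.I),
    re.compile(r"\\_Chrome\\default_key\.bin$", re.I),
)
# Chromium credential/cookie/autofill stores and the Firefox profile index.
BROWSER_STORES = re.compile(
    r"\\User Data\\[^\\]+\\(?:Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\profiles\.ini$",
    re.I,
)
# Per-extension storage; Chrome extension IDs are 32 characters from a-p.
EXT_SETTINGS = re.compile(r"\\Local Extension Settings\\(?P<id>[a-p]{32})(?:\\|$)", re.I)


def analyse(events):
    """events: iterable of (process_image, path) file-open records.
    Returns {process_image: {"staging": set, "stores": set, "extensions": set}}."""
    per = defaultdict(lambda: {"staging": set(), "stores": set(), "extensions": set()})
    for image, path in events:
        exe = image.rsplit("\\", 1)[-1].lower()
        f = per[image]
        m = STAGING_ROOT.search(path)
        if m and any(p.search(path) for p in STAGING_ARTEFACTS):
            f["staging"].add(path[m.end():])   # part below the staging root
        if exe in BROWSERS:
            continue                           # browsers own these files
        if BROWSER_STORES.search(path):
            f["stores"].add(path.rsplit("\\", 1)[-1])
        e = EXT_SETTINGS.search(path)
        if e:
            f["extensions"].add(e.group("id"))
    return dict(per)


def classify(findings):
    """Reasons to escalate for one process; an empty list means nothing stealer-like."""
    reasons = []
    if len(findings["staging"]) >= 2:
        reasons.append("stealer staging layout written under %Temp%")
    if findings["stores"]:
        reasons.append("browser credential/cookie store opened by a non-browser")
    if len(findings["extensions"]) >= 3:
        reasons.append(f"{len(findings['extensions'])} extension storage dirs opened by a non-browser")
    return reasons


# Constructed events using the paths from this report, plus one benign read by
# the browser itself to show the allow-list at work.
STEALER = r"C:\Users\user\Desktop\file.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROFILE = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default"
STAGE = r"C:\Users\user\AppData\Local\Temp\sqBlhapfmZnM\_Files"
SAMPLE_EVENTS = [
    (STEALER, PROFILE + r"\Login Data"),
    (STEALER, PROFILE + r"\Cookies"),
    (STEALER, PROFILE + r"\Web Data"),
    (STEALER, r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini"),
    (STEALER, PROFILE + r"\Local Extension Settings"),   # parent dir, no ID
    (STEALER, PROFILE + r"\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"),
    (STEALER, PROFILE + r"\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp"),
    (STEALER, PROFILE + r"\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec"),
    (STEALER, STAGE + r"\_Chrome\default_cookies.db"),
    (STEALER, STAGE + r"\_Chrome\default_key.bin"),
    (STEALER, STAGE + r"\_Information.txt"),
    (STEALER, STAGE + r"\_Screen_Desktop.jpeg"),
    (CHROME, PROFILE + r"\Login Data"),                  # benign: browser's own read
]

if __name__ == "__main__":
    for image, findings in analyse(SAMPLE_EVENTS).items():
        print(image, classify(findings) or "clean")
```

The staging check is deliberately independent of the process allow-list: a browser never writes `_Screen_Desktop.jpeg` next to copied `default_*.db` files, so that branch fires regardless of image name, while the store and extension checks only count for processes outside the allow-list.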