Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_027F9250 |
0_2_027F9250 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_027F0448 |
0_2_027F0448 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_027F3991 |
0_2_027F3991 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_027F042B |
0_2_027F042B |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F50040 |
0_2_04F50040 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F55568 |
0_2_04F55568 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F5B065 |
0_2_04F5B065 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F6195D |
0_2_04F6195D |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F656E8 |
0_2_04F656E8 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F70040 |
0_2_04F70040 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F793A8 |
0_2_04F793A8 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F50006 |
0_2_04F50006 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F656D8 |
0_2_04F656D8 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F70007 |
0_2_04F70007 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_018046A0 |
7_2_018046A0 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_018045BA |
7_2_018045BA |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_0180D261 |
7_2_0180D261 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_01190448 |
15_2_01190448 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_01199260 |
15_2_01199260 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_0119042A |
15_2_0119042A |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_052F5568 |
15_2_052F5568 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_052F0040 |
15_2_052F0040 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_052FB065 |
15_2_052FB065 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_0530195D |
15_2_0530195D |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_053056E8 |
15_2_053056E8 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_05310040 |
15_2_05310040 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_053193A8 |
15_2_053193A8 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_05319398 |
15_2_05319398 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_05310007 |
15_2_05310007 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_01199250 |
15_2_01199250 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_052F0006 |
15_2_052F0006 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_053056D8 |
15_2_053056D8 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_012B46A0 |
23_2_012B46A0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_012B45B0 |
23_2_012B45B0 |
Source: unknown |
Process created: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe "C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe" |
|
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
|
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
|
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe" "C:\Users\user\AppData\Roaming\fffik\fffik.exe |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\fffik\fffik.exe C:\Users\user\AppData\Roaming\fffik\fffik.exe |
|
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Users\user\AppData\Roaming\fffik\fffik.exe C:\Users\user\AppData\Roaming\fffik\fffik.exe |
|
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
|
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\fffik\fffik.exe" "C:\Users\user\AppData\Roaming\fffik\fffik.exe |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
|
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe" "C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Users\user\AppData\Roaming\fffik\fffik.exe C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\fffik\fffik.exe" "C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nanias" /tr "'C:\Users\user\AppData\Roaming\fffik\fffik.exe'" /f |
Jump to behavior |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 0.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 0.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.4.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.4.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.8.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.8.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.12.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.12.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.0.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.1.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.1.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.2.unpack, GetILGenerator.cs |
Base64 encoded string: 'WA8UQltGnzLzQf/J48yVFSYWWAgaO+W7UA/5X0rZTJ2eWAa3ltwpXl1HJtTnnJQOoKAjvvLCuHmRHrJ76cU9OGCsSLQ4MCgLTOLtxYQY3pmtrcoGqnEoY2NvY1nfJ252', 'N46TO75W6q2Y/fUlbDgkfw7X4s1f/nCAaNqwLLKakaJWxiLz9WUNKizMDKB7XPnVynmP5R4B0Rz5hs6/yJYOSftLbraZZL2xK8GvJEm1pLk1rj1A3xNHaUaXbH0wowyz', 'hOLcac4qFn3p4Ml6t8RBCssllSSYbteqcyhlC3TiYSwz8j7DogpYl/yTdHsrAMfVwVL2k6e0tts5EbQpPAosJp8ky8oIq0i1HLu52PYDdbwRwrjv0OJH3nR+LaNSFLhY', 'pacdHMJbpCHckBVSzW3eRA3WqhvN0qFKJYpNJMQh0ctKZQImL0q6yLnnEab+5C9ACMFVfGc3AD70lywfeoIFG0PLE0XJaa2/EXWUMy+3WAe3cY9vjhppm2Ij5nLFe3im', 'HhUoKclqBuVSyweG5y5gxigaB62dAS5ZWXn9SSHEp2hz8q8kuo8wN7sB9l5F5Ix4BofWlxIsVx16sOvIThv5yvo2zrnaR19J59/1MEjQt2Xi4WWQK8nbDlFA7YYeJGlQ', 'JV9ZxqSjJyWDYmg/DJtap9zlqfFM1RUNMcbvtJ79tVU0nGLocWkbbMh/bJfuFdTc8+BUuapHpFssdoyEvr0I5jPM4MMLLWVUhX2Ce3Jsp3aAHT8z8A81kNecjj49pldn', 'uA+7uNAQ1wAGpsFyc5eHtHAlBCwq2drSA1dpDwcnc7b4pjGKyzdWCoW8Fe9osRmmpJR1kfU2GzAORuQcwNd6Mta1wAPqZyaja8TMdF/FA6ldn8PoTdfq4g9xPOpp98Mt' |
Source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.b0000.2.unpack, M_ignoreTypeLoadFailures.cs |
Base64 encoded string: 'vWtfOgD2ZB8EgzKAb4rnAW55ya4I72Hj+Z/JImKWFRYaAamhH64zphh7ZIfvIMLw0iTiHKSBR+NkOdfOk3JvF0qe1tjGoS4P3ohmrICz9d3H/aVdcXrUsbWQAi9AW/7o' |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000000.00000002.407043312.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000000.00000002.407043312.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000000.00000000.293020376.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000000.00000000.293020376.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000007.00000000.396661098.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe, 00000007.00000000.396661098.00000000000B2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: fffik.exe |
String found in binary or memory: dotNetProtector |
Source: fffik.exe, 0000000F.00000000.414752204.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: fffik.exe, 0000000F.00000000.414752204.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: fffik.exe, 0000000F.00000002.552157957.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: fffik.exe, 0000000F.00000002.552157957.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: fffik.exe |
String found in binary or memory: dotNetProtector |
Source: fffik.exe, 00000017.00000000.531992107.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: dotNetProtector |
Source: fffik.exe, 00000017.00000000.531992107.0000000000BB2000.00000020.00020000.sdmp |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe |
String found in binary or memory: dotNetProtector |
Source: MV THALASSINI (EX- OCEAN LORD).doc.exe |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: fffik.exe.10.dr |
String found in binary or memory: dotNetProtector |
Source: fffik.exe.10.dr |
String found in binary or memory: qset_ShowInTaskbarRightCharInvokeMemberInvalidHebrewNumberStreamReaderTextReaderRNGCryptoServiceProviderMethodBuilderModuleBuilderTypeBuilderAssemblyBuilderSpecialFolderEncoderlpBufferResourceManagerDebuggerManagementObjectSearcherM_innerHasOwnerAbsHelperM_resHelperTimeoutHelperGet_CreatePdbSymbolWriterget_IsPointerS_taskIdCounterBitConverterToLowerLazyInitializerDisableJITcompileOptimizerGetTokenForXorFlooramDesignatorDateSeparatorC_componentSeparatorGet_ListSeparatorManagementObjectEnumeratorGetEnumeratorGetILGeneratorRandomNumberGeneratorOperator.ctor.cctordotNetProtectorget_IsConstructorCreateDecryptorIntPtrM_iCAsM_CheckedForNonCasAbsSystem.DiagnosticsGet_PreserveMemberRefRidsCheckLinktimeDemandsget_LowerBoundsGetMethodsMatchSpecifiedWordsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesSet_ResourcesmebhFnhkAk.resourcesInitializeMethodOverridesGetNumberOfCatchesGet_HasDeclSecuritiesSortPropertiesmdTablesEndCreateTablesbInheritHandlesEnableVisualStylesGenitiveMonthNamesEquals_PropertyNamesEmptyTypesM_ignoreTypeLoadFailureslpThreadAttributesMethodAttributesTypeAttributesMethodImplAttributesGetCustomAttributeslpProcessAttributesDeclSecurityAttributesRfc2898DeriveBytesUnsafeWriteAllBytesInternalWriteAllBytesGetBytesStorageFlagsBindingFlagsM_grantSetSpecialFlagsdwCreationFlagsGetMethodImplementationFlagsSetImplementationFlagsSet_Cor20HeaderFlagsLdapSyntaxFlagsPushMethodArgsEqualsSystem.Windows.FormsUseDigitPrefixInTokensContainsSystem.CollectionsReadFunctionsWriteInstructionsCallingConventionsRestoreOptionsUnclonedLongTimePatternsAllLongDatePatternsCosOverlapsget_CharsGetOptionalCustomModifiersS_activeTaskSchedulersGetParameterssssssaffhdfffffadtrrssssssfaffahfaffasfadtrrssssssfafddhhkftrrsget_IsClassAssemblyBuilderAccesshProcessGetCurrentProcessunsafeUseAddresslpBaseAddresslpAddressGet_PreserveStringsOffsetsReportThreadStatusWrapNonExceptionThrowsAlways |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_000B5CC8 push eax; ret |
0_2_000B5CC9 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_000B7BD7 push edi; ret |
0_2_000B7BD8 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_000B43AF push edx; iretd |
0_2_000B43B0 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_000B5CBF push eax; ret |
0_2_000B5CC0 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F60642 pushfd ; retf |
0_2_04F60645 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F7E123 push ecx; iretd |
0_2_04F7E126 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 0_2_04F75393 push es; retf |
0_2_04F75425 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_000B5CC8 push eax; ret |
7_2_000B5CC9 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_000B7BD7 push edi; ret |
7_2_000B7BD8 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_000B43AF push edx; iretd |
7_2_000B43B0 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Code function: 7_2_000B5CBF push eax; ret |
7_2_000B5CC0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_00BB5CBF push eax; ret |
15_2_00BB5CC0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_00BB43AF push edx; iretd |
15_2_00BB43B0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_00BB7BD7 push edi; ret |
15_2_00BB7BD8 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_00BB5CC8 push eax; ret |
15_2_00BB5CC9 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_05300642 pushfd ; retf |
15_2_05300645 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_0531E123 push ecx; iretd |
15_2_0531E126 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 15_2_05315393 push es; retf |
15_2_05315425 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_00BB5CBF push eax; ret |
23_2_00BB5CC0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_00BB43AF push edx; iretd |
23_2_00BB43B0 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_00BB7BD7 push edi; ret |
23_2_00BB7BD8 |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Code function: 23_2_00BB5CC8 push eax; ret |
23_2_00BB5CC9 |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\MV THALASSINI (EX- OCEAN LORD).doc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Users\user\AppData\Roaming\fffik\fffik.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Users\user\AppData\Roaming\fffik\fffik.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\fffik\fffik.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: 23.0.fffik.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.2.fffik.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.9.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.397b170.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.39b0390.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.13.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3dfb170.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.39b0390.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.11.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3e30390.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3dfb170.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.397b170.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3e30390.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000017.00000000.533476754.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.536332699.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400927493.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000F.00000002.556122543.0000000003DFA000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.401381216.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400525770.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000002.559122972.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.534716149.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400110349.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.559754507.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.535791099.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.409959224.000000000397A000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000002.561662492.0000000003011000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.562297045.0000000003451000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MV THALASSINI (EX- OCEAN LORD).doc.exe PID: 6652, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: MV THALASSINI (EX- OCEAN LORD).doc.exe PID: 6148, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: fffik.exe PID: 4808, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: fffik.exe PID: 5272, type: MEMORYSTR |
Source: Yara match |
File source: 23.0.fffik.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.2.fffik.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.9.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.397b170.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.39b0390.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 23.0.fffik.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.13.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3dfb170.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.39b0390.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.0.MV THALASSINI (EX- OCEAN LORD).doc.exe.400000.11.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3e30390.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3dfb170.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.MV THALASSINI (EX- OCEAN LORD).doc.exe.397b170.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.fffik.exe.3e30390.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000017.00000000.533476754.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.536332699.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400927493.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000F.00000002.556122543.0000000003DFA000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.401381216.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400525770.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000002.559122972.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.534716149.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000000.400110349.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.559754507.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000000.535791099.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.409959224.000000000397A000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000017.00000002.561662492.0000000003011000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.562297045.0000000003451000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MV THALASSINI (EX- OCEAN LORD).doc.exe PID: 6652, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: MV THALASSINI (EX- OCEAN LORD).doc.exe PID: 6148, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: fffik.exe PID: 4808, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: fffik.exe PID: 5272, type: MEMORYSTR |