Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405C49 |
Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_00406873 FindFirstFileW,FindClose, |
0_2_00406873 |
Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_0040290B FindFirstFileW, |
0_2_0040290B |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user\AppData\Local\Temp\FLADBARMEDES.tub |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user\AppData\Local\Temp\Rekorddage.Res7 |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user\AppData\Local\Temp |
Source: C:\Users\user\Desktop\recibo.exe |
File opened: C:\Users\user\AppData\Local |
Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_004056DE |
Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_0040352D |
Source: vm3ddevapi64-debug.dll.0.dr |
Static PE information: section name: .didat |
Source: vm3ddevapi64-debug.dll.0.dr |
Static PE information: section name: .gehcont |
Source: vm3ddevapi64-debug.dll.0.dr |
Static PE information: section name: _RDATA |
Source: lgpllibs.dll.0.dr |
Static PE information: section name: .00cfg |
Source: C:\Users\user\Desktop\recibo.exe |
Code function: 0_2_732A1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
0_2_732A1BFF |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: CompanyNameVMware, Inc.j! |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: noreply@vmware.com0 |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: http://www.vmware.com/0 |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: FileDescriptionVMware SVGA 3D Device API Module: |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: VMware, Inc. |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: VMware, Inc.1!0 |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: ?d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\lib\raster\bits2pixels.cd:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\lib\umlib\log.cC:\vm3dum_log\vm3dum%s_%d-%d.logwtC:\vm3dum_log\vm3dum*.log%.4d-%.2d-%.2dT%.2d:%.2d:%.2d.%.4d| Thread ID: %d |%s%sDXUM%s: Software\VMware, Inc.\VMware SVGADebugSearchPathEXCEPTION_ACCESS_VIOLATIONEXCEPTION_ARRAY_BOUNDS_EXCEEDEDEXCEPTION_BREAKPOINTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_FLT_INEXACT_RESULTEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_FLT_OVERFLOWEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_UNDERFLOWEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_INT_OVERFLOWEXCEPTION_NONCONTINUABLE_EXCEPTIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_SINGLE_STEPunknownBacktrace[%2d] rip=%p %s+%#x %s:%d |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: http://www.vmware.com/0/ |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: Software\VMware, Inc.\VMware SVGA |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: VMware, Inc.1 |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: VMware, Inc.0 |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: ProductNameVMware SVGA 3D` |
Source: vm3ddevapi64-debug.dll.0.dr |
Binary or memory string: LegalCopyrightCopyright (C) 1998-2021 VMware, Inc.Z |