Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041208D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,_memset,_memset,_memset,_memset,_memset,_memset,FindNextFileA,FindClose,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA, |
1_2_0041208D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040C955 lstrcatA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,GetFileAttributesA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_0040C955 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00411117 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_00411117 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004101E9 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_sprintf,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_004101E9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004162AB __EH_prolog3_GS,FindFirstFileW,FindNextFileW, |
1_2_004162AB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00408B15 __EH_prolog3_GS,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,_memset,lstrcatA,lstrlen, |
1_2_00408B15 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041048F wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0041048F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040954D wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,lstrcpy,lstrcatA,lstrcatA,StrCmpCA,wsprintfA,wsprintfA,lstrlen,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,lstrcpy,PathMatchSpecA,lstrcpy,FindNextFileA,FindClose, |
1_2_0040954D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00411DA6 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,lstrcatA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, |
1_2_00411DA6 |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594536976.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594439750.0000000004D06000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474 |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
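String found in binary or memory: http://45.159.249.4/147474R (the characters after /1474 appear to be adjacent memory bytes captured with the string; the clean form http://45.159.249.4/1474 is reported from the same memory dump) |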
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474N |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474b |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474h.dll |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474l |
Source: cvtres.exe, 00000001.00000002.594439750.0000000004D06000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474stem32 |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474u |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/1474x |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4/=: |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://45.159.249.4:80 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.340494604.0000000004D0E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341146688.0000000004D09000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft.c |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://ocsp.digicert.com0N |
Source: uGfpJynSWM.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.global |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.rocks |
Source: cvtres.exe, 00000001.00000003.341135942.0000000004D07000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/ |
Source: cvtres.exe, 00000001.00000003.526458800.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594549794.0000000004D57000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341127759.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572585218.0000000004D75000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594578967.0000000004D75000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341146688.0000000004D09000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594439750.0000000004D06000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341135942.0000000004D07000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/.well-known/webfinger?resource=acct%3Affoleg94%40climatejustice.social |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/avatars/original/missing.png |
Source: cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594549794.0000000004D57000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526464880.0000000004D57000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/custom.css |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/tags/gitea" |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/tags/gitlab" |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/tags/grunewald" |
Source: cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526458800.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594549794.0000000004D57000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341127759.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572585218.0000000004D75000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594578967.0000000004D75000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341146688.0000000004D09000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594439750.0000000004D06000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341135942.0000000004D07000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/users/ffoleg94 |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/users/ffoleg94/followers |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social/users/ffoleg94/following |
Source: cvtres.exe, 00000001.00000003.341135942.0000000004D07000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://climatejustice.social; |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.joinmastodon.org/ |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.joinmastodon.org/client/intro/ |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.340436007.0000000004D01000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572125764.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.479685777.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.386980069.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433280864.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400 |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://funk.climatejustice.global |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/mastodon/mastodon |
Source: cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.341096016.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.526436186.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433793618.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.480140552.0000000004D59000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.387373494.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://joinmastodon.org/ |
Source: cvtres.exe, 00000001.00000003.572535033.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://joinmastodon.org/apps |
Source: uGfpJynSWM.exe, 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, uGfpJynSWM.exe, 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, cvtres.exe, 00000001.00000003.525955386.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.340436007.0000000004D01000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.572125764.0000000004D5F000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594456263.0000000004D0D000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.340494604.0000000004D0E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.594439750.0000000004D06000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.479685777.0000000004D5E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.386980069.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433280864.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/korstonsales |
Source: uGfpJynSWM.exe, 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, uGfpJynSWM.exe, 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
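String found in binary or memory: https://t.me/korstonsaleshttps://climatejustice.social/ (appears to be two adjacent strings extracted as one: https://t.me/korstonsales and https://climatejustice.social/) |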
Source: cvtres.exe, 00000001.00000003.340494604.0000000004D0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/korstonsalesi |
Source: cvtres.exe, 00000001.00000003.433280864.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://telegram.org/img/t_logo.png |
Source: cvtres.exe, 00000001.00000003.386988114.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.433280864.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
Source: uGfpJynSWM.exe |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 0.2.uGfpJynSWM.exe.3be5530.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.2.uGfpJynSWM.exe.3be5530.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000001.00000000.334068069.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000001.00000000.333726198.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: Process Memory Space: uGfpJynSWM.exe PID: 6360, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: Process Memory Space: cvtres.exe PID: 6392, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.2.uGfpJynSWM.exe.3be5530.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.2.uGfpJynSWM.exe.3be5530.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000001.00000000.334068069.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000001.00000000.333726198.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: Process Memory Space: uGfpJynSWM.exe PID: 6360, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: Process Memory Space: cvtres.exe PID: 6392, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B2550 |
0_2_013B2550 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B29F0 |
0_2_013B29F0 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B1C10 |
0_2_013B1C10 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B0448 |
0_2_013B0448 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BC88F |
0_2_013BC88F |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B9330 |
0_2_013B9330 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BEB10 |
0_2_013BEB10 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B2F70 |
0_2_013B2F70 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BA680 |
0_2_013BA680 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B3EC0 |
0_2_013B3EC0 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5928 |
0_2_013B5928 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5918 |
0_2_013B5918 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B29E0 |
0_2_013B29E0 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5C30 |
0_2_013B5C30 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5C20 |
0_2_013B5C20 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B907E |
0_2_013B907E |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B90A8 |
0_2_013B90A8 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B64A8 |
0_2_013B64A8 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B6498 |
0_2_013B6498 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BC89C |
0_2_013BC89C |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B1088 |
0_2_013B1088 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B6F31 |
0_2_013B6F31 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BAB29 |
0_2_013BAB29 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BAB1A |
0_2_013BAB1A |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B6F48 |
0_2_013B6F48 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5FD8 |
0_2_013B5FD8 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B5FC8 |
0_2_013B5FC8 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B0FC0 |
0_2_013B0FC0 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B6230 |
0_2_013B6230 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BCE06 |
0_2_013BCE06 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BA671 |
0_2_013BA671 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BCE6A |
0_2_013BCE6A |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013B6AA9 |
0_2_013B6AA9 |
Source: C:\Users\user\Desktop\uGfpJynSWM.exe |
Code function: 0_2_013BAA85 |
0_2_013BAA85 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0042C072 |
1_2_0042C072 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040781A |
1_2_0040781A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0042B085 |
1_2_0042B085 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004320B0 |
1_2_004320B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0042B8B8 |
1_2_0042B8B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041E960 |
1_2_0041E960 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00419970 |
1_2_00419970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040593E |
1_2_0040593E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040513E |
1_2_0040513E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004062D9 |
1_2_004062D9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00431B5F |
1_2_00431B5F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041BB33 |
1_2_0041BB33 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004334C4 |
1_2_004334C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0042BC8A |
1_2_0042BC8A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0042B51A |
1_2_0042B51A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040665A |
1_2_0040665A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0043160E |
1_2_0043160E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041C6DE |
1_2_0041C6DE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0043278C |
1_2_0043278C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041208D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,_memset,_memset,_memset,_memset,_memset,_memset,FindNextFileA,FindClose,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA, |
1_2_0041208D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040C955 lstrcatA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,GetFileAttributesA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_0040C955 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00411117 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_00411117 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004101E9 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_sprintf,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_004101E9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_004162AB __EH_prolog3_GS,FindFirstFileW,FindNextFileW, |
1_2_004162AB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00408B15 __EH_prolog3_GS,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,_memset,lstrcatA,lstrlen, |
1_2_00408B15 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0041048F wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0041048F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_0040954D wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,lstrcpy,lstrcatA,lstrcatA,StrCmpCA,wsprintfA,wsprintfA,lstrlen,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,lstrcpy,PathMatchSpecA,lstrcpy,FindNextFileA,FindClose, |
1_2_0040954D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: 1_2_00411DA6 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,lstrcatA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, |
1_2_00411DA6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, |
1_2_0042E8D7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
1_2_0042A969 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: GetProcessHeap,HeapAlloc,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,_memset,LocalFree, |
1_2_0041593C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
1_2_0042E9B1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, |
1_2_0042A249 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
1_2_0042AA5E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, |
1_2_00429283 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, |
1_2_0042AB60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, |
1_2_0042AB05 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
1_2_00421BE1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
1_2_0042AD31 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
1_2_0042A537 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
1_2_004295ED |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
1_2_0042ADF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
1_2_0042AE58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: GetLocaleInfoA, |
1_2_00422ED2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, |
1_2_0042AE94 |
Source: Yara match |
File source: 0.2.uGfpJynSWM.exe.3be5530.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.uGfpJynSWM.exe.3be5530.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.334068069.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.333726198.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: uGfpJynSWM.exe PID: 6360, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: cvtres.exe PID: 6392, type: MEMORYSTR |
Source: Yara match |
File source: 0.2.uGfpJynSWM.exe.3be5530.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.uGfpJynSWM.exe.3be5530.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.336204598.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.334513678.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.334068069.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.333395548.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.593774226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.333726198.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.336360720.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: uGfpJynSWM.exe PID: 6360, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: cvtres.exe PID: 6392, type: MEMORYSTR |