Source: | Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283784153.000000000825C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283874998.0000000008260000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268070409.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268608129.0000000007888000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268551087.0000000007884000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284321181.0000000007528000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb source: cvtres.exe, 00000001.00000003.273084362.00000000084C0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289682200.0000000008280000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275089189.00000000083A0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.277974574.00000000081D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277992608.00000000081D8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.265401720.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-debug-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.264246608.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267015957.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283698525.000000000824C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283746313.0000000008250000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267832549.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268762769.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284414482.00000000075F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284181718.00000000075E0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264827087.0000000008398000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283512359.0000000008234000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283598432.0000000008238000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267278671.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266752483.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283698525.000000000824C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267651225.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265957997.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-console-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268301473.000000000788C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268329300.0000000007874000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284181718.00000000075E0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-file-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.264406495.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277974574.00000000081D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267505452.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\NMCVXCXMXKJDFGDJKJDF.pdb source: NUEVA ORDEN-MATSA 10-2022,.exe |
Source: | Binary string: msvcp140.i386.pdb source: cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270034811.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270237118.0000000006694000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266283140.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266909184.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BROTHERS.pdb source: NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.250033059.0000000002A70000.00000004.00000800.00020000.00000000.sdmp, NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.251914030.0000000004A80000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265791708.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.267391292.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278239292.00000000081F8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265263773.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278227969.00000000081F4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283893964.000000000826C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268086743.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266110570.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265641906.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr |
Source: | Binary string: vcruntime140.i386.pdb source: cvtres.exe, 00000001.00000003.276245137.00000000066AC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.290995859.0000000007858000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283893964.000000000826C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283972789.0000000008270000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266461893.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283512359.0000000008234000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267167676.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266581701.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr |
Source: | Binary string: msvcp140.i386.pdbGCTL source: cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270034811.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270237118.0000000006694000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264625947.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268329300.0000000007874000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265086491.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264949325.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278227969.00000000081F4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.267898785.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283784153.000000000825C000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268979819.0000000007870000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D0A0 FindFirstFileW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D06E FindFirstFileW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose, |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: cvtres.exe, 00000001.00000002.299718403.0000000006690000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://cinho.shop/PL341/index.php |
Source: cvtres.exe, 00000001.00000002.299718403.0000000006690000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://cinho.shop/PL341/index.phpA |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, cvtres.exe, 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/json |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0N |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://ocsp.digicert.com0X |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.thawte.com0 |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://www.cyberlink.com0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://www.cyberlink.com0/ |
Source: NUEVA ORDEN-MATSA 10-2022,.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.com0 |
Source: NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, cvtres.exe, 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://dotbit.me/a/ |
Source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.271250139.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270748656.00000000084D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275071389.00000000066C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 
00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.cvtres.exe.7e35982.5.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 1.2.cvtres.exe.7e3b8e3.4.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 1.2.cvtres.exe.7e414d2.6.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer Payload Author: kevoreilly |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown |
Source: 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.cvtres.exe.7e35982.5.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 1.2.cvtres.exe.7e3b8e3.4.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 1.2.cvtres.exe.7e414d2.6.raw.unpack, type: UNPACKEDPE | Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000000.248942345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000000.249057187.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000000.248993320.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000002.298767805.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000000.249215469.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000001.00000000.248868745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04 |
Source: 00000000.00000002.250173775.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research |
Source: api-ms-win-core-handle-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-utility-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-console-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l2-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-file-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-time-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-util-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-math-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-private-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
Source: | Binary string: ucrtbase.pdb source: cvtres.exe, 00000001.00000003.273084362.00000000084C0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289682200.0000000008280000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275089189.00000000083A0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.277974574.00000000081D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277992608.00000000081D8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.265401720.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-debug-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.264246608.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267015957.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283698525.000000000824C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283746313.0000000008250000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267832549.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268762769.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284414482.00000000075F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284181718.00000000075E0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264827087.0000000008398000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283512359.0000000008234000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283598432.0000000008238000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267278671.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266752483.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283698525.000000000824C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267651225.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: vcruntime140.i386.pdbGCTL source: cvtres.exe, 00000001.00000003.276245137.00000000066AC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.290995859.0000000007858000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: cvtres.exe, 00000001.00000003.269785480.00000000078CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287248341.000000000765C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269714098.0000000007880000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\NMCVXCXMXKJDFGDJKJDF.pdbBSJB source: NUEVA ORDEN-MATSA 10-2022,.exe |
Source: | Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265957997.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269369848.00000000078D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286974853.0000000007608000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269503745.0000000007880000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-console-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268301473.000000000788C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268329300.0000000007874000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.284181718.00000000075E0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-file-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.264406495.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277974574.00000000081D4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277832553.00000000081D0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277807355.00000000081CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283672079.0000000008248000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267505452.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\NMCVXCXMXKJDFGDJKJDF.pdb source: NUEVA ORDEN-MATSA 10-2022,.exe |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr |
Source: | Binary string: msvcp140.i386.pdb source: cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270034811.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270237118.0000000006694000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266283140.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdbUGP source: cvtres.exe, 00000001.00000003.273084362.00000000084C0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289682200.0000000008280000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.275089189.00000000083A0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BROTHERS.pdbBSJB source: NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.250033059.0000000002A70000.00000004.00000800.00020000.00000000.sdmp, NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.251914030.0000000004A80000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266909184.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr |
Source: | Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BROTHERS.pdb source: NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.250033059.0000000002A70000.00000004.00000800.00020000.00000000.sdmp, NUEVA ORDEN-MATSA 10-2022,.exe, 00000000.00000002.251914030.0000000004A80000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265791708.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.277589930.00000000081C4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.277654923.00000000081C8000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.267391292.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283618817.0000000008244000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278239292.00000000081F8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265263773.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278227969.00000000081F4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283893964.000000000826C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268086743.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: cvtres.exe, 00000001.00000003.272644545.00000000066CC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272757796.00000000066A4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.1.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266110570.0000000008394000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265641906.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr |
Source: | Binary string: vcruntime140.i386.pdb source: cvtres.exe, 00000001.00000003.276245137.00000000066AC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.290995859.0000000007858000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289559436.0000000007834000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.1.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283893964.000000000826C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283972789.0000000008270000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.285608637.0000000007600000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.286617765.0000000007604000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.269057239.0000000007878000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266461893.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283512359.0000000008234000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283366893.0000000008228000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.267167676.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283409391.000000000822C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283458551.0000000008230000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr |
Source: | Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: cvtres.exe, 00000001.00000003.289068722.00000000076EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.289451882.000000000781C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272309123.0000000006694000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.272210606.00000000083A0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.1.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.283030101.000000000821C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.282787916.0000000008218000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278525765.0000000008210000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278457897.0000000008208000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278497281.000000000820C000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278263471.0000000008204000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278671132.0000000008214000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.266581701.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283196066.0000000008220000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr |
Source: | Binary string: msvcp140.i386.pdbGCTL source: cvtres.exe, 00000001.00000003.287286269.0000000007684000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270034811.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.270237118.0000000006694000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264625947.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.268329300.0000000007874000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.265086491.0000000008398000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.264949325.0000000008394000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278227969.00000000081F4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.1.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.278062158.00000000081E8000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278006231.00000000081E4000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278187484.00000000081EC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.278214445.00000000081F0000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.267898785.0000000007870000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.303799165.0000000007A00000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.283784153.000000000825C000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: cvtres.exe, 00000001.00000003.284438762.00000000075FC000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.306509840.0000000007E30000.00000004.00001000.00020000.00000000.sdmp, cvtres.exe, 00000001.00000003.268979819.0000000007870000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D86E push 0040D89Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D870 push 0040D89Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004140C0 push 004140ECh; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004108C8 push 004108F4h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040B0F7 push 0040B124h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040B0F8 push 0040B124h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408080 push 004080B8h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408158 push 00408196h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408970 push 004089E4h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408994 push 004089E4h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004089AC push 004089E4h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00415208 push 0041528Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040CA0C push 0040CA3Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040CA10 push 0040CA3Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00417AEC push 00417B18h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00404BC0 push 00404C11h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D3C0 push 0040D3ECh; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040A3E4 push 0040A410h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040C390 push 0040C3C0h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040C394 push 0040C3C0h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040A3AC push 0040A3D8h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040DC44 push 0040DCA3h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040DC0C push 0040DC38h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040B41E push 0040B44Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040B420 push 0040B44Ch; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040A438 push 0040A464h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041A4F4 push 0041A51Ah; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00414C80 push 00414CACh; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00409488 push 004094B8h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041A4AC push 0041A4E8h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00418CB8 push 00418CE8h; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-datetime-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l2-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-console-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\nss3.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-heap-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\mozglue.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-libraryloader-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-conio-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\ucrtbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\msvcp140.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-string-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-private-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-handle-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-timezone-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-runtime-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processthreads-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-namedpipe-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-math-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\softokn3.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processthreads-l1-1-1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-heap-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-sysinfo-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-convert-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-errorhandling-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-synch-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-process-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-stdio-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\freebl3.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-filesystem-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-time-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-profile-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-util-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\vcruntime140.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-rtlsupport-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-environment-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-interlocked-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-locale-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processenvironment-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l1-2-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-memory-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-string-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-multibyte-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-debug-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-localization-l1-2-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-utility-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | File created: C:\Users\user\AppData\Local\Temp\1C1DB9BC\nssdbm3.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-errorhandling-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-synch-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-process-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-stdio-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-datetime-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l2-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\freebl3.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-console-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-heap-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-filesystem-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-libraryloader-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-conio-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-time-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-util-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-profile-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-rtlsupport-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-string-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-interlocked-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-environment-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-private-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-locale-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processenvironment-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-handle-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-timezone-l1-1-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-file-l1-2-0.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-namedpipe-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-memory-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\softokn3.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-debug-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-utility-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-core-localization-l1-2-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1C1DB9BC\nssdbm3.dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004098A0 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D0A0 FindFirstFileW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408D44 FindFirstFileW,GetFileAttributesW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00415610 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040D06E FindFirstFileW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041303C FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0040989F FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_004111C4 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00412D70 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00408D3C FindFirstFileW,GetFileAttributesW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_0041158C FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00411590 FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Code function: 1_2_00412D9C FindFirstFileW,FindNextFileW,FindClose, |