Source: 1.2.rtvzitvzef.exe.a23658.2.unpack
Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "gtasportsltd.com", "Username": "vestorfile@gtasportsltd.com", "Password": "00$rqv^A,;te "}
Source:
Binary string: wntdll.pdbUGP source: rtvzitvzef.exe, 00000001.00000003.250525206.000000001A170000.00000004.00001000.00020000.00000000.sdmp, rtvzitvzef.exe, 00000001.00000003.248575249.0000000019FE0000.00000004.00001000.00020000.00000000.sdmp
Source:
Binary string: wntdll.pdb source: rtvzitvzef.exe, 00000001.00000003.250525206.000000001A170000.00000004.00001000.00020000.00000000.sdmp, rtvzitvzef.exe, 00000001.00000003.248575249.0000000019FE0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_0040699E FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_0040290B FindFirstFileW,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_004089F8 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_00406715 FindFirstFileExW,
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_00406D5F
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_00410371
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F08B7
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F0A34
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_0040CBD1
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023C7240
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023CC2F0
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023C7E58
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023C7588
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023C4C7B
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_056DCC51
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_056DC1BC
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: String function: 004019C0 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: String function: 00401EE0 appears 33 times
Source: unknown
Process created: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Process created: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe "C:\Users\user~1\AppData\Local\Temp\rtvzitvzef.exe" C:\Users\user~1\AppData\Local\Temp\ggbdhaflcbm.cer
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Process created: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe C:\Users\user~1\AppData\Local\Temp\rtvzitvzef.exe
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Code function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,
Source: rtvzitvzef.exe, 00000003.00000002.507831904.000000000265D000.00000004.00000800.00020000.00000000.sdmp
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_0040147B GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_00410AA4 push ecx; ret
1_2_00410AB7
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_0040D2E1 push ecx; ret
3_2_0040D2F4
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_023CD286 push esi; retf
3_2_023CD287
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_056D5278 pushfd ; iretd
3_2_056D5279
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Tender_QUOTATION__LH22000309AA2023.exe
API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F005F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F0109 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F013E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_009F017B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_004018F8 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_0040636B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_00401BF3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 1_2_00401796 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_00401E16 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_00401C83 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_004060A4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Code function: 3_2_00401F2A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\rtvzitvzef.exe
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities