Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 72.247.96.147 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Dg+uS4uaRpFXHHv&MD=p8faHFV4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Dg+uS4uaRpFXHHv&MD=p8faHFV4 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=513=EYr6cnrRAAEbx9B9S_C9cajnLlaQBUmKFyzMrUZBAei_V9LOYiMmisV7U6YkKONCPJujzzrOGtgJy-9KwtEqX54XUPzbdgb3ce54RAyN2Dm9W0bQ1cITNvw07xv6LQ9qFjNMhp5tHHb8WTnaZfrfWxGxfg3yeVVD9myKTJFBkTU |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cp5ua.hyperhost.ua |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249400772.0000000000786000.00000004.00000020.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3253781324.0000000005E82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: 0e46.scr.exe, 00000001.00000002.3253781324.0000000005EA8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249400772.0000000000786000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249400772.0000000000786000.00000004.00000020.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3253781324.0000000005E82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249400772.0000000000786000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: chromecache_77.5.dr | String found in binary or memory: http://www.broofa.com |
Source: 0e46.scr.exe, 00000000.00000002.2001634046.0000000003F7A000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249046802.0000000000502000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/ |
Source: chromecache_90.5.dr | String found in binary or memory: https://accounts.google.com/o/oauth2/auth |
Source: chromecache_90.5.dr | String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay |
Source: chromecache_90.5.dr, chromecache_77.5.dr | String found in binary or memory: https://apis.google.com |
Source: chromecache_81.5.dr | String found in binary or memory: https://apis.google.com/js/api.js |
Source: chromecache_90.5.dr | String found in binary or memory: https://clients6.google.com |
Source: chromecache_90.5.dr | String found in binary or memory: https://content.googleapis.com |
Source: chromecache_90.5.dr | String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/ |
Source: chromecache_90.5.dr | String found in binary or memory: https://domains.google.com/suggest/flow |
Source: chromecache_77.5.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3 |
Source: chromecache_77.5.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3 |
Source: chromecache_77.5.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2 |
Source: chromecache_77.5.dr | String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2 |
Source: chromecache_92.5.dr | String found in binary or memory: https://ogs.google.com/ |
Source: chromecache_92.5.dr | String found in binary or memory: https://ogs.google.com/widget/app/so |
Source: chromecache_77.5.dr | String found in binary or memory: https://play.google.com/log?format=json&hasfast=true |
Source: chromecache_90.5.dr | String found in binary or memory: https://plus.google.com |
Source: chromecache_90.5.dr | String found in binary or memory: https://plus.googleapis.com |
Source: 0e46.scr.exe, 00000001.00000002.3250604761.0000000002446000.00000004.00000800.00020000.00000000.sdmp, 0e46.scr.exe, 00000001.00000002.3249400772.0000000000786000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: chromecache_92.5.dr | String found in binary or memory: https://ssl.gstatic.com |
Source: chromecache_81.5.dr | String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url= |
Source: chromecache_90.5.dr | String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 |
Source: chromecache_81.5.dr | String found in binary or memory: https://www.google.com/log?format=json&hasfast=true |
Source: chromecache_90.5.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.me |
Source: chromecache_90.5.dr | String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended |
Source: chromecache_92.5.dr | String found in binary or memory: https://www.gstatic.com |
Source: chromecache_92.5.dr | String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g. |
Source: chromecache_77.5.dr | String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html |
Source: chromecache_77.5.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css |
Source: chromecache_77.5.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css |
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: 0.2.0e46.scr.exe.402a420.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.0e46.scr.exe.3fef9f0.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 1.2.0e46.scr.exe.500000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.0e46.scr.exe.54b0000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.0e46.scr.exe.3f0dd90.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.0e46.scr.exe.3f0dd90.2.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.0e46.scr.exe.54b0000.5.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.0e46.scr.exe.3fef9f0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.0e46.scr.exe.2eb1ba0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.0e46.scr.exe.2eaf360.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen |
Source: 00000000.00000002.2002461828.00000000054B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects downloader injector Author: ditekSHen |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 0_2_0145AA28 | 0_2_0145AA28 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 0_2_01459150 | 0_2_01459150 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_0238B06F | 1_2_0238B06F |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_02384A98 | 1_2_02384A98 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_02383E80 | 1_2_02383E80 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_0238CE80 | 1_2_0238CE80 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_023841C8 | 1_2_023841C8 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_02389BF8 | 1_2_02389BF8 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_0599BCF0 | 1_2_0599BCF0 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_0599DCF0 | 1_2_0599DCF0 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05993F38 | 1_2_05993F38 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_059956C8 | 1_2_059956C8 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05992EE8 | 1_2_05992EE8 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05990040 | 1_2_05990040 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05998B73 | 1_2_05998B73 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05994FE8 | 1_2_05994FE8 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_05993623 | 1_2_05993623 |
Source: C:\Users\user\Desktop\0e46.scr.exe | Code function: 1_2_0238D230 | 1_2_0238D230 |
Source: 0e46.scr.exe, 00000000.00000002.2002461828.00000000054B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000002.2003160997.0000000005590000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000002.2001431433.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000002.2001431433.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename96d8990f-a506-4040-ac41-4524d69afa68.exe4 vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000002.2001634046.0000000003EA5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000002.2001634046.0000000003F7A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename96d8990f-a506-4040-ac41-4524d69afa68.exe4 vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000000.00000000.1994785634.0000000000AC6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamedxdiag.exel% vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000001.00000002.3249046802.0000000000502000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilename96d8990f-a506-4040-ac41-4524d69afa68.exe4 vs 0e46.scr.exe |
Source: 0e46.scr.exe, 00000001.00000002.3249010467.00000000004F9000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 0e46.scr.exe |
Source: 0e46.scr.exe | Binary or memory string: OriginalFilenamedxdiag.exel% vs 0e46.scr.exe |
Source: 0.2.0e46.scr.exe.402a420.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.0e46.scr.exe.3fef9f0.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1.2.0e46.scr.exe.500000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.0e46.scr.exe.54b0000.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.3f0dd90.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.3f0dd90.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.54b0000.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.0e46.scr.exe.3fef9f0.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.0e46.scr.exe.2eb1ba0.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.2eaf360.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 00000000.00000002.2002461828.00000000054B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.0e46.scr.exe.3f0dd90.2.raw.unpack, DarkListView.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, G39cBQ.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, G39cBQ.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, sDtvQjPGfa.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, sDtvQjPGfa.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, sDtvQjPGfa.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, sDtvQjPGfa.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, b1PPCKov2KZ.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.0e46.scr.exe.402a420.3.raw.unpack, b1PPCKov2KZ.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: unknown | Process created: C:\Users\user\Desktop\0e46.scr.exe "C:\Users\user\Desktop\0e46.scr.exe" | |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process created: C:\Users\user\Desktop\0e46.scr.exe "C:\Users\user\Desktop\0e46.scr.exe" | |
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2040,i,3301420170973166231,14062020265948935474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process created: C:\Users\user\Desktop\0e46.scr.exe "C:\Users\user\Desktop\0e46.scr.exe" | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2040,i,3301420170973166231,14062020265948935474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 528 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep count: 31 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -28592453314249787s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -100000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99870s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4416 | Thread sleep count: 1230 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99765s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4416 | Thread sleep count: 7852 > 30 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99656s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99547s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99437s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99328s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99218s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99106s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -99000s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98890s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98753s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98640s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98531s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98420s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98312s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98203s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -98093s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97984s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97875s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97765s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97656s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97547s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97422s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97312s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97203s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -97092s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96984s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96875s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96765s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96656s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96545s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96437s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96328s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96219s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -96109s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95994s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95890s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95781s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95672s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95562s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95453s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95343s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95219s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -95109s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe TID: 4068 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99870 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99765 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99656 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99547 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99437 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99328 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99218 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99106 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 99000 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98890 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98753 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98640 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98531 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98420 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98312 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98203 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 98093 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97984 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97875 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97765 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97656 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97547 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97422 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97312 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97203 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 97092 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96984 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96875 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96765 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96656 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96545 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96437 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96328 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96219 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 96109 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95994 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95890 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95781 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95672 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95562 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95453 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95343 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95219 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 95109 | Jump to behavior |
Source: C:\Users\user\Desktop\0e46.scr.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: 0e46.scr.exe, --.cs | Reference to suspicious API methods: _FFFDt_26CA.OpenProcess(_06DA_FFFD, _FFFD_FFFDZ_FFFD, _FFFD_06DA_FFFD) |
Source: 0e46.scr.exe, ---.cs | Reference to suspicious API methods: _FFFDt_26CA.GetAsyncKeyState(16) |
Source: 0e46.scr.exe, R-.cs | Reference to suspicious API methods: _FFFDt_26CA.MapVirtualKey(i_FFFD.union.keyboardInput.wVk, 0) |
Source: 0.2.0e46.scr.exe.5590000.6.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)) |
Source: 0.2.0e46.scr.exe.5590000.6.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)) |
Source: 0.2.0e46.scr.exe.5590000.6.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead) |