Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: CtIvEWInDoW |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: AgEBOxw |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: OsUse |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: }@@@e$@@ |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: ijklmnopqrs |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: L 45`vy`ty`tx`sp@@@@<@@@ |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: >22lmnopq((\]^_`abcdefghijklmnopqrs |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: %s\%_ |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: %s\%] |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: ijklmnopqrs |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: [EGEKM^Ywxyztasc}567y9n/S |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: jAss}ord |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: '!#!/!#{|} |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: `o^UFF |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: {K}ri*# |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: advapi32.dll |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: HeapFree |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: GetLocaleInfoA |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: ntProcessId |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: wininet.dll |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: shlwapi.dll |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: shell32.dll |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: .dll |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: khrc7C9Pm |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: column_text |
Source: 0.2.FFAk2gixx5.exe.400000.0.raw.unpack |
String decryptor: login: |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00415590 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,lstrcat, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FC6E77 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FD57F7 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FC97A7 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FC9707 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FCC1F7 memset,lstrlen,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,lstrcat, |
Source: |
Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr |
Source: |
Binary string: mozglue.pdbP source: mozglue[1].dll.0.dr, mozglue.dll.0.dr |
Source: |
Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr |
Source: |
Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr |
Source: |
Binary string: mozglue.pdb source: mozglue[1].dll.0.dr, mozglue.dll.0.dr |
Source: |
Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,GetSystemTimes,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FD27D7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FCD7A7 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FD18B7 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FCB877 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FD2457 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FC1827 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FCD427 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FD1DE7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
Code function: 0_2_02FCDDC7 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ |
Source: C:\Users\user\Desktop\FFAk2gixx5.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ |