Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: deadtrainingactioniw.xyzn |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: qualificationjdwko.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: grandcommonyktsju.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: wordingnatturedowo.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: crisisrottenyjs.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: sweetcalcutangkdow.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: cooperatvassquaidmew.xyzn |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: exuberanttjdkwo.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: wordingnatturedowo.xyz |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: bOKHNM-- |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
0_2_00EB4700 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movzx ebx, di |
0_2_00EA8066 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00EA8066 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movzx ebx, di |
0_2_00EA8075 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00EA8075 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movzx ebx, di |
0_2_00EA8021 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00EA8021 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_00E9E033 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [eax], bl |
0_2_00E8F000 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
0_2_00E971AC |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp eax |
0_2_00E9E1AF |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, edi |
0_2_00E871A2 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], E4AA2089h |
0_2_00EA1170 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esi] |
0_2_00EA4149 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_00EA4149 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
0_2_00E924A8 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp ecx |
0_2_00EB94A9 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
0_2_00E92487 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov dword ptr [esi], eax |
0_2_00EA6490 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov dword ptr [esi], ecx |
0_2_00EA6490 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+68h] |
0_2_00EA6490 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
0_2_00EA6490 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov edi, dword ptr [esi+04h] |
0_2_00EB8494 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ebx, eax |
0_2_00E83430 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov edx, dword ptr [esp+10h] |
0_2_00E89400 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00EA0410 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp eax |
0_2_00E8E5C7 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 11081610h |
0_2_00E9F580 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_00EA5580 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then inc ebx |
0_2_00E95510 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [00EC4FE8h] |
0_2_00EB76C4 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
0_2_00EB8600 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_00EA5580 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp edx |
0_2_00E9D7DE |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [ebx], cl |
0_2_00EA67AF |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then lea ecx, dword ptr [esi+40h] |
0_2_00EA77A1 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp eax |
0_2_00E81787 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then lea ecx, dword ptr [esi+40h] |
0_2_00EA7731 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov word ptr [ebx], cx |
0_2_00E93737 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00EA48DF |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_00E978AF |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp edx |
0_2_00E9D84F |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [ebx], cl |
0_2_00EA684D |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov word ptr [ebx], cx |
0_2_00E9394D |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
0_2_00E89AD0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
0_2_00E89AD0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movsx eax, byte ptr [esi+ecx] |
0_2_00E8CCB0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_00E97864 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp byte ptr [esi], 00000000h |
0_2_00E93C08 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp ecx |
0_2_00EB5D98 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
0_2_00EA7D6E |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00E93D70 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h |
0_2_00E96D24 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+18h] |
0_2_00EA6EBE |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+18h] |
0_2_00EA6EB7 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp eax |
0_2_00E91FEF |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movzx ebx, di |
0_2_00EA7F8F |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00EA7F8F |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_00EAFF40 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00EA1F23 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+5Ch] |
0_2_00E95F09 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 4x nop then jmp eax |
0_2_00E9DF00 |
Source: Traffic |
Snort IDS: 2054123 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) 192.168.2.4:52161 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054131 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) 192.168.2.4:55481 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054129 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) 192.168.2.4:54788 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054127 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) 192.168.2.4:55158 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054125 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) 192.168.2.4:52303 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054121 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) 192.168.2.4:53151 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054119 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) 192.168.2.4:64410 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2054117 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) 192.168.2.4:56912 -> 1.1.1.1:53 |
Source: Malware configuration extractor |
URLs: deadtrainingactioniw.xyzn |
Source: Malware configuration extractor |
URLs: qualificationjdwko.xyz |
Source: Malware configuration extractor |
URLs: grandcommonyktsju.xyz |
Source: Malware configuration extractor |
URLs: wordingnatturedowo.xyz |
Source: Malware configuration extractor |
URLs: crisisrottenyjs.xyz |
Source: Malware configuration extractor |
URLs: sweetcalcutangkdow.xyz |
Source: Malware configuration extractor |
URLs: cooperatvassquaidmew.xyzn |
Source: Malware configuration extractor |
URLs: exuberanttjdkwo.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001966000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001965000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cooperatvassquaidmew.xyz/ |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://crisisrottenyjs.xyz/SOR |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693326538.000000000192E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://crisisrottenyjs.xyz/api |
Source: 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001965000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001974000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://deadtrainingactioniw.xyz/ |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001966000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001965000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://deadtrainingactioniw.xyz/)G4 |
Source: 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001952000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://deadtrainingactioniw.xyz/api |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001966000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001965000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://deadtrainingactioniw.xyz/api( |
Source: 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001974000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001974000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://deadtrainingactioniw.xyz:443/api |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://exuberanttjdkwo.xyz/es( |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://grandcommonyktsju.xyz/B |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://qualificationjdwko.xyz/ |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://qualificationjdwko.xyz/a |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001952000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001952000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://qualificationjdwko.xyz/api |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001952000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001952000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://qualificationjdwko.xyz/api4 |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sweetcalcutangkdow.xyz/ |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693473089.0000000001966000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001965000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sweetcalcutangkdow.xyz/api |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693036124.00000000017A8000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://turbosms.ua |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693446277.000000000194B000.00000004.00000020.00020000.00000000.sdmp, 8yprhxqBVs.exe, 00000000.00000003.1689828729.0000000001948000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wordingnatturedowo.xyz/ |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693326538.000000000192E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wordingnatturedowo.xyz/api |
Source: 8yprhxqBVs.exe, 00000000.00000002.1693326538.000000000192E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wordingnatturedowo.xyz/apisX |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E860AC |
0_2_00E860AC |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EB5070 |
0_2_00EB5070 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA8075 |
0_2_00EA8075 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA8021 |
0_2_00EA8021 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA1170 |
0_2_00EA1170 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E88210 |
0_2_00E88210 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E8436F |
0_2_00E8436F |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EBA410 |
0_2_00EBA410 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA35F7 |
0_2_00EA35F7 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E865C0 |
0_2_00E865C0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EBA730 |
0_2_00EBA730 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E9C870 |
0_2_00E9C870 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA5830 |
0_2_00EA5830 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E89AD0 |
0_2_00E89AD0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E85BF8 |
0_2_00E85BF8 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EB1DC0 |
0_2_00EB1DC0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E85D9D |
0_2_00E85D9D |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E84D60 |
0_2_00E84D60 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E9FECD |
0_2_00E9FECD |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00E8EE60 |
0_2_00E8EE60 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Code function: 0_2_00EA7F8F |
0_2_00EA7F8F |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 166BCC0 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 1374981 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 1740D60 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 11BDE75 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 1685F2E |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 133CA72 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 17818E2 |
Source: C:\Users\user\Desktop\8yprhxqBVs.exe |
API/Special instruction interceptor: Address: 11BA5AE |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: deadtrainingactioniw.xyzn |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: qualificationjdwko.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: grandcommonyktsju.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: wordingnatturedowo.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: crisisrottenyjs.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: sweetcalcutangkdow.xyz |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: cooperatvassquaidmew.xyzn |
Source: 8yprhxqBVs.exe, 00000000.00000002.1690923515.0000000000EBB000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: exuberanttjdkwo.xyz |