Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: deadtrainingactioniw.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: qualificationjdwko.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: grandcommonyktsju.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: wordingnatturedowo.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: crisisrottenyjs.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: sweetcalcutangkdow.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: cooperatvassquaidmew.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: exuberanttjdkwo.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: crisisrottenyjs.xyz |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000003.00000002.1382914931.000000000058D000.00000002.00000400.00020000.00000000.sdmp | String decryptor: LPnhqo--@fondnesssw |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 00D23749h | 3_2_00587090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esp] (2 identical entries) | 3_2_00587090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [edi], ax | 3_2_00563F6C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx eax, word ptr [edi+esi*4] | 3_2_00558170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then lea eax, dword ptr [edi+04h] | 3_2_00571135 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [ecx+edx*8], 3BEBD150h | 3_2_00584934 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, dword ptr [esi] | 3_2_005889DF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 3_2_0055D1C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 3_2_005891FB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp esi | 3_2_0058A192 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [edi+ebx+01h], 00000000h | 3_2_0056CA4C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [ebx+edi+01h], 00000000h | 3_2_00563A7E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [ebx+edi+01h], 00000000h | 3_2_00563A7A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp esi | 3_2_0058A260 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp edx | 3_2_00571A15 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 3_2_00570239 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esi+40h] | 3_2_00577239 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00586A90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, dword ptr [esp+04h] | 3_2_00566340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 0850A6E6h | 3_2_0058BB40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_00573329 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_0056E3F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp edx | 3_2_00571BF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then inc ebx | 3_2_00565390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00575BB5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_005763BB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_0057644B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then inc eax | 3_2_00562470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then xor eax, eax | 3_2_0056D413 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], B33E16A3h | 3_2_00586CC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, dword ptr [esp+00000890h] | 3_2_0056E4F4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_0057638D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_0056E490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, dword ptr [esp+5Ch] | 3_2_00566CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_00574D50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_00572D7E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [edi], 00000000h | 3_2_00562D60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, dword ptr [esi+04h] | 3_2_00573517 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0056551E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 3_2_00563500 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [ebx+edi+01h], 00000000h | 3_2_00563D28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 3_2_005635C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_0056FDFC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ebx, eax | 3_2_005535A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [esi+40h] | 3_2_00577602 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx eax, word ptr [edx] | 3_2_00587E00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp esi | 3_2_0058A630 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov dword ptr [esp+24h], 0000005Ch | 3_2_00584695 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00582680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, dword ptr [esp+18h] | 3_2_0055FE8B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 3_2_00551755 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [edi], ax | 3_2_00564F78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 3_2_00553760 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then lea eax, dword ptr [eax+eax*4] | 3_2_00558F60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then or ebp, 04h | 3_2_0055171B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], dl | 3_2_00576704 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 3_2_00559F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00575FE4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then add ecx, 03h | 3_2_00573FBB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov dword ptr [esi], ebp | 3_2_00551FA0 |
Source: Traffic | Snort IDS: 2054125 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) 192.168.2.9:50884 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054131 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) 192.168.2.9:50034 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054129 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) 192.168.2.9:61762 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054127 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) 192.168.2.9:55520 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054123 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) 192.168.2.9:51384 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054121 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) 192.168.2.9:55685 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054119 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) 192.168.2.9:57788 -> 1.1.1.1:53 |
Source: Traffic | Snort IDS: 2054117 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) 192.168.2.9:58515 -> 1.1.1.1:53 |
Source: Malware configuration extractor | URLs: deadtrainingactioniw.xyz |
Source: Malware configuration extractor | URLs: qualificationjdwko.xyz |
Source: Malware configuration extractor | URLs: grandcommonyktsju.xyz |
Source: Malware configuration extractor | URLs: wordingnatturedowo.xyz |
Source: Malware configuration extractor | URLs: crisisrottenyjs.xyz |
Source: Malware configuration extractor | URLs: sweetcalcutangkdow.xyz |
Source: Malware configuration extractor | URLs: cooperatvassquaidmew.xyz |
Source: Malware configuration extractor | URLs: exuberanttjdkwo.xyz |
Source: Malware configuration extractor | URLs: crisisrottenyjs.xyz |
Source: aspnet_regiis.exe, 00000003.00000003.1382509177.0000000000624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.1383027287.0000000000624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cooperatvassquaidmew.xyz/ |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cooperatvassquaidmew.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000002.1383006597.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://crisisrottenyjs.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000003.1382509177.0000000000624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.1383027287.0000000000624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://deadtrainingactioniw.xyz/ |
Source: aspnet_regiis.exe, 00000003.00000003.1382509177.0000000000624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.1383027287.0000000000624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://deadtrainingactioniw.xyz/0 |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382509177.0000000000624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.1383027287.0000000000624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://deadtrainingactioniw.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://exuberanttjdkwo.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://grandcommonyktsju.xyz/ |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://grandcommonyktsju.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://grandcommonyktsju.xyz/apiz? |
Source: aspnet_regiis.exe, 00000003.00000002.1383006597.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/ |
Source: aspnet_regiis.exe, 00000003.00000002.1383006597.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/7 |
Source: aspnet_regiis.exe, 00000003.00000002.1383006597.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/A |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/apidO |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://qualificationjdwko.xyz/apizC |
Source: aspnet_regiis.exe, 00000003.00000002.1383006597.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.00000000005FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sweetcalcutangkdow.xyz/ |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sweetcalcutangkdow.xyz/api |
Source: aspnet_regiis.exe, 00000003.00000002.1383027287.000000000060D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.1382384827.000000000060D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sweetcalcutangkdow.xyz/apiz9 |
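The string decryptor, the Snort alerts, the configuration extractor and the memory strings above all agree on the same eight C2 domains, the check-in path /api, the User-Agent TeslaBrowser/5.5 and the body template lid=%s&j=%s&ver=4.0. The following is an added example, not code from the sandbox report or from the sample, that turns those indicators into a hunt over DNS and HTTP logs. The log records are constructed and their tab-separated field order is an assumption; the pairing of the decrypted tag LPnhqo--@fondnesssw with the lid parameter is also an assumption.

```python
"""Match the Lumma Stealer network indicators above against DNS/HTTP logs."""
from urllib.parse import parse_qs

# C2 domains reported by the string decryptor, Snort and the config extractor.
C2_DOMAINS = {
    "deadtrainingactioniw.xyz",
    "qualificationjdwko.xyz",
    "grandcommonyktsju.xyz",
    "wordingnatturedowo.xyz",
    "crisisrottenyjs.xyz",
    "sweetcalcutangkdow.xyz",
    "cooperatvassquaidmew.xyz",
    "exuberanttjdkwo.xyz",
}

# Decrypted strings: the User-Agent and the check-in body "lid=%s&j=%s&ver=4.0".
LUMMA_UA = "TeslaBrowser/5.5"
POST_KEYS = {"lid", "j", "ver"}
POST_VER = "4.0"


def normalize_domain(name: str) -> str:
    """Lower-case, drop a trailing dot and undo the "name .xyz" / "name[.]xyz"
    defanging used in the Snort alert text so the same value matches."""
    return name.strip().lower().rstrip(".").replace(" .", ".").replace("[.]", ".")


def is_c2_domain(name: str) -> bool:
    n = normalize_domain(name)
    return n in C2_DOMAINS or any(n.endswith("." + d) for d in C2_DOMAINS)


def matches_post_template(body: str) -> bool:
    """True when the form body has exactly the keys lid, j, ver with ver=4.0."""
    params = parse_qs(body, keep_blank_values=True)
    return set(params) == POST_KEYS and params["ver"] == [POST_VER]


def check_dns_line(line: str):
    # constructed layout: ts, src_ip, src_port, dst_ip, dst_port, query
    fields = line.split("\t")
    if len(fields) < 6:
        return None
    if is_c2_domain(fields[5]):
        return f"{fields[1]} resolved Lumma C2 domain {normalize_domain(fields[5])}"
    return None


def check_http_line(line: str):
    # constructed layout: ts, src_ip, host, method, uri, user_agent, post_body
    fields = line.split("\t")
    if len(fields) < 7:
        return None
    _ts, src, host, method, _uri, ua, body = fields[:7]
    reasons = []
    if is_c2_domain(host):
        reasons.append(f"host {normalize_domain(host)} is a known C2 domain")
    if ua == LUMMA_UA:
        reasons.append(f"User-Agent {ua} decrypted from the sample")
    if method == "POST" and matches_post_template(body):
        reasons.append("POST body matches the lid=%s&j=%s&ver=4.0 template")
    if not reasons:
        return None
    return f"{src}: " + "; ".join(reasons)


def scan(dns_log: str, http_log: str):
    """Return (source, reason) pairs for every matching record."""
    hits = []
    for line in dns_log.splitlines():
        reason = check_dns_line(line)
        if reason:
            hits.append(("dns", reason))
    for line in http_log.splitlines():
        reason = check_http_line(line)
        if reason:
            hits.append(("http", reason))
    return hits


# Constructed sample records; the first two DNS rows mirror the Snort alerts.
SAMPLE_DNS = (
    "1700000000.1\t192.168.2.9\t50884\t1.1.1.1\t53\tcrisisrottenyjs.xyz\n"
    "1700000000.2\t192.168.2.9\t50034\t1.1.1.1\t53\texuberanttjdkwo.xyz\n"
    "1700000000.3\t192.168.2.9\t51000\t1.1.1.1\t53\twww.example.com\n"
    "1700000000.4\t192.168.2.9\t51001\t1.1.1.1\t53\tcdn.qualificationjdwko.xyz.\n"
)
SAMPLE_HTTP = (
    "1700000001.0\t192.168.2.9\tcooperatvassquaidmew.xyz\tPOST\t/api\t"
    "TeslaBrowser/5.5\tlid=LPnhqo--@fondnesssw&j=0&ver=4.0\n"
    "1700000001.1\t192.168.2.9\tupdate.example.net\tPOST\t/api\t"
    "Mozilla/5.0\tlid=abc&j=xyz&ver=4.0\n"
    "1700000001.2\t192.168.2.9\twww.example.org\tGET\t/\tMozilla/5.0\t\n"
)

if __name__ == "__main__":
    for source, reason in scan(SAMPLE_DNS, SAMPLE_HTTP):
        print(f"[{source}] {reason}")
```

The HTTP check scores host, User-Agent and body independently, so a request to a domain not yet on the list (the second constructed row) is still caught by the body template alone; the subdomain match in is_c2_domain covers the "cdn." style prefixes the exact-match list would miss.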
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D321090 | 0_2_6D321090 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D323750 | 0_2_6D323750 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D322ED0 | 0_2_6D322ED0 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D32BC40 | 0_2_6D32BC40 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D337715 | 0_2_6D337715 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D3233E0 | 0_2_6D3233E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0055F070 | 3_2_0055F070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00551000 | 3_2_00551000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00587090 | 3_2_00587090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00558170 | 3_2_00558170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00567171 | 3_2_00567171 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00571135 | 3_2_00571135 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058A192 | 3_2_0058A192 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_005749A0 | 3_2_005749A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058C250 | 3_2_0058C250 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00555A40 | 3_2_00555A40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0056CA4C | 3_2_0056CA4C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058A260 | 3_2_0058A260 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00571A15 | 3_2_00571A15 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00570239 | 3_2_00570239 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00553AA0 | 3_2_00553AA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00576BF9 | 3_2_00576BF9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00575BEA | 3_2_00575BEA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0056D413 | 3_2_0056D413 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00570C00 | 3_2_00570C00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00556CB0 | 3_2_00556CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00566CB0 | 3_2_00566CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00554540 | 3_2_00554540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00572D7E | 3_2_00572D7E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0056F511 | 3_2_0056F511 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00577DF3 | 3_2_00577DF3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058A630 | 3_2_0058A630 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00554F50 | 3_2_00554F50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058A740 | 3_2_0058A740 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_0058BF40 | 3_2_0058BF40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00558F60 | 3_2_00558F60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00556780 | 3_2_00556780 |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries) |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: webio.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll (3 identical entries) |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX (17 identical entries) |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 1340000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 30C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 16B0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 56C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 66C0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 67F0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 77F0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 7B40000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 8B40000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Memory allocated: 9B40000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_6D323750 HonorInc,GetConsoleWindow,ShowWindow,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,GetConsoleWindow,ShowWindow,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread, | 0_2_6D323750 |
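The call list of 0_2_6D323750 is the classic process-hollowing chain: CreateProcessW, Wow64GetThreadContext, VirtualAllocEx, repeated WriteProcessMemory, Wow64SetThreadContext, ResumeThread, with a second branch using the plain SetThreadContext. The child is the signed .NET utility aspnet_regiis.exe, which the entries above then show loading winhttp.dll and dnsapi.dll and resolving the C2 domains. Below is an added example, not code from the sandbox report or from the sample, that flags this chain in an API trace as an ordered subsequence and requires the child to have been created suspended, which hollowing needs. The trace records are constructed to follow the reported call list; the record shape, the argument names and the CREATE_SUSPENDED flag value on that CreateProcessW call are assumptions about the tracer (the report does not show the flags).

```python
"""Flag the process-hollowing API chain seen in Loader.exe 0_2_6D323750."""
import ntpath
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004

# Hollowing stages in the order they must occur. Each stage lists the plain
# and the Wow64* variant: the loader uses Wow64GetThreadContext /
# Wow64SetThreadContext for its 32-bit target and SetThreadContext otherwise.
HOLLOWING_STAGES = (
    {"CreateProcessW", "CreateProcessA"},
    {"GetThreadContext", "Wow64GetThreadContext"},
    {"VirtualAllocEx"},
    {"WriteProcessMemory"},
    {"SetThreadContext", "Wow64SetThreadContext"},
    {"ResumeThread"},
)

# Signed Microsoft binaries that are implausible as network clients; the only
# entry supported by this report is aspnet_regiis.exe, extend it as needed.
UNUSUAL_HOSTS = {"aspnet_regiis.exe"}


@dataclass
class ApiCall:
    name: str
    args: dict = field(default_factory=dict)


def match_hollowing(calls):
    """Walk the trace once, advancing through HOLLOWING_STAGES as an ordered
    subsequence. Returns the indices of the matched calls, or None."""
    stage, matched = 0, []
    for i, call in enumerate(calls):
        if call.name not in HOLLOWING_STAGES[stage]:
            continue
        if stage == 0 and not (call.args.get("dwCreationFlags", 0) & CREATE_SUSPENDED):
            continue  # a child started running is not a hollowing target
        matched.append(i)
        stage += 1
        if stage == len(HOLLOWING_STAGES):
            return matched
    return None


def analyze(calls):
    """Summarize a detected hollowing chain, or return None."""
    matched = match_hollowing(calls)
    if matched is None:
        return None
    create = calls[matched[0]]
    target = create.args.get("lpApplicationName") or create.args.get("lpCommandLine") or ""
    return {
        "technique": "process hollowing",
        "target": target,
        "wow64": calls[matched[1]].name.startswith("Wow64"),
        "suspicious_target": ntpath.basename(target).lower() in UNUSUAL_HOSTS,
        "indices": matched,
    }


# Constructed trace modelled on the reported call list of 0_2_6D323750.
ASPNET_REGIIS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
SAMPLE_TRACE = [
    ApiCall("GetConsoleWindow"),
    ApiCall("ShowWindow", {"nCmdShow": 0}),
    ApiCall("CreateProcessW", {"lpApplicationName": ASPNET_REGIIS,
                               "dwCreationFlags": CREATE_SUSPENDED}),
    ApiCall("VirtualAlloc"),
    ApiCall("Wow64GetThreadContext"),
    ApiCall("VirtualAllocEx"),
    ApiCall("VirtualAllocEx"),
    ApiCall("WriteProcessMemory"),
    ApiCall("WriteProcessMemory"),
    ApiCall("ReadProcessMemory"),
    ApiCall("WriteProcessMemory"),
    ApiCall("WriteProcessMemory"),
    ApiCall("Wow64SetThreadContext"),
    ApiCall("ResumeThread"),
    ApiCall("CloseHandle"),
]

# Constructed benign trace: a child started running, then waited on.
BENIGN_TRACE = [
    ApiCall("CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
                               "dwCreationFlags": 0}),
    ApiCall("WaitForSingleObject"),
    ApiCall("CloseHandle"),
]

if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE))
    print(analyze(BENIGN_TRACE))
```

The subsequence walk tolerates the extra VirtualAlloc, ReadProcessMemory and CloseHandle calls interleaved in the real chain, and the suspended-creation requirement keeps ordinary CreateProcess plus WriteProcessMemory debugger-style activity from matching.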
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: deadtrainingactioniw.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: qualificationjdwko.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: grandcommonyktsju.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: wordingnatturedowo.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: crisisrottenyjs.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: sweetcalcutangkdow.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: cooperatvassquaidmew.xyz |
Source: Loader.exe, 00000000.00000002.1393103242.000000006D340000.00000004.00000001.01000000.00000007.sdmp | String found in binary or memory: exuberanttjdkwo.xyz |