Source: https://associationokeo.shop/api | Avira URL Cloud: Label: malware |
Source: https://turkeyunlikelyofw.shop/p | Avira URL Cloud: Label: malware |
Source: https://associationokeo.shop/apiM | Avira URL Cloud: Label: malware |
Source: colorfulequalugliess.shop | Avira URL Cloud: Label: phishing |
Source: https://turkeyunlikelyofw.shop/api | Avira URL Cloud: Label: malware |
Source: https://turkeyunlikelyofw.shop/ | Avira URL Cloud: Label: malware |
Source: https://associationokeo.shop/_ | Avira URL Cloud: Label: malware |
Source: associationokeo.shop | Avira URL Cloud: Label: malware |
Source: turkeyunlikelyofw.shop | Avira URL Cloud: Label: malware |
Source: detectordiscusser.shop | Avira URL Cloud: Label: malware |
Source: https://detectordiscusser.shop/api | Avira URL Cloud: Label: malware |
Source: https://colorfulequalugliess.shop/K | Avira URL Cloud: Label: phishing |
Source: https://detectordiscusser.shop/apie | Avira URL Cloud: Label: malware |
Source: https://associationokeo.shop// | Avira URL Cloud: Label: malware |
Source: https://detectordiscusser.shop/ | Avira URL Cloud: Label: malware |
Source: sideindexfollowragelrew.pw | Avira URL Cloud: Label: malware |
Source: https://relevantvoicelesskw.shop// | Avira URL Cloud: Label: phishing |
Source: relevantvoicelesskw.shop | Avira URL Cloud: Label: phishing |
Source: https://associationokeo.shop/i | Avira URL Cloud: Label: malware |
Source: 0.2.LisectAVT_2403002B_445.exe.5a0000.1.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["associationokeo.shop", "turkeyunlikelyofw.shop", "pooreveningfuseor.pw", "edurestunningcrackyow.fun", "detectordiscusser.shop", "relevantvoicelesskw.shop", "colorfulequalugliess.shop", "wisemassiveharmonious.shop", "sideindexfollowragelrew.pw"], "Build id": "LPnhqo--@asasdasqr"} |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: associationokeo.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: turkeyunlikelyofw.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: pooreveningfuseor.pw |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: edurestunningcrackyow.fun |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: detectordiscusser.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: relevantvoicelesskw.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: colorfulequalugliess.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: wisemassiveharmonious.shop |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: sideindexfollowragelrew.pw |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: - |
Source: 00000000.00000002.1670872716.00000000005A0000.00000004.00000001.01000000.00000003.sdmp | String decryptor: LPnhqo--@asasdasqr |
Source: LisectAVT_2403002B_445.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: LisectAVT_2403002B_445.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ebx, eax | 0_2_005A2060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edi], dl | 0_2_005C2000 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edi], dl | 0_2_005C1F63 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then add ebx, edi | 0_2_005D308A |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp byte ptr [edi], 00000000h | 0_2_005B10B9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edi], 0000002Bh | 0_2_005C1168 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ecx, dword ptr [esp+08h] | 0_2_005B4160 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ebx, eax | 0_2_005A2220 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp dword ptr [eax-08h], 18DC7455h | 0_2_005D02D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov word ptr [ecx], dx | 0_2_005C02E6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 0_2_005BF31D |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edx, dword ptr [esp+0Ch] | 0_2_005B638C |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov word ptr [ecx], dx | 0_2_005D2482 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp word ptr [edx+eax], 0000h | 0_2_005D2482 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp esi | 0_2_005CE61E |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp ecx | 0_2_005BC60E |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp esi | 0_2_005D37BA |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edx], al | 0_2_005C2863 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ecx, dword ptr [esp+0Ch] | 0_2_005A8800 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edx], cl | 0_2_005A8800 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_005CC880 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh | 0_2_005BC9B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp eax | 0_2_005BD9B6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov eax, dword ptr [edi+0Ch] | 0_2_005A19A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edi, dword ptr [esi+0Ch] | 0_2_005D1A5F |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] | 0_2_005C0A88 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_005C0A88 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp eax | 0_2_005D2B30 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh | 0_2_005BFBAB |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp byte ptr [ecx], dl | 0_2_005A7CF0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edx, dword ptr [esp+08h] | 0_2_005A8C90 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then lea esi, dword ptr [edx+ecx] | 0_2_005BDC90 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ecx, dword ptr [esp+0Ch] | 0_2_005B6DDA |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then movzx eax, byte ptr [esi+ecx] | 0_2_005ACDB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then jmp edx | 0_2_005D3DB3 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edx, dword ptr [esp+08h] | 0_2_005A8DA0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edi, dword ptr [esi+0Ch] | 0_2_0070265F |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp byte ptr [ecx], dl | 0_2_006D88F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov word ptr [ecx], dx | 0_2_00703082 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then cmp word ptr [edx+eax], 0000h | 0_2_00703082 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov edx, dword ptr [esp+08h] | 0_2_006D9890 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then lea esi, dword ptr [edx+ecx] | 0_2_006EE890 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 4x nop then mov ecx, edi | 0_2_005A5D70 |
Source: Malware configuration extractor | URLs: associationokeo.shop |
Source: Malware configuration extractor | URLs: turkeyunlikelyofw.shop |
Source: Malware configuration extractor | URLs: pooreveningfuseor.pw |
Source: Malware configuration extractor | URLs: edurestunningcrackyow.fun |
Source: Malware configuration extractor | URLs: detectordiscusser.shop |
Source: Malware configuration extractor | URLs: relevantvoicelesskw.shop |
Source: Malware configuration extractor | URLs: colorfulequalugliess.shop |
Source: Malware configuration extractor | URLs: wisemassiveharmonious.shop |
Source: Malware configuration extractor | URLs: sideindexfollowragelrew.pw |
Source: unknown | DNS traffic detected: query: wisemassiveharmonious.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: turkeyunlikelyofw.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: associationokeo.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: relevantvoicelesskw.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: detectordiscusser.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: colorfulequalugliess.shop replaycode: Name error (3) |
Source: unknown | DNS traffic detected: query: edurestunningcrackyow.fun replaycode: Name error (3) |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | DNS traffic detected: DNS query: sideindexfollowragelrew.pw |
Source: global traffic | DNS traffic detected: DNS query: wisemassiveharmonious.shop |
Source: global traffic | DNS traffic detected: DNS query: colorfulequalugliess.shop |
Source: global traffic | DNS traffic detected: DNS query: relevantvoicelesskw.shop |
Source: global traffic | DNS traffic detected: DNS query: detectordiscusser.shop |
Source: global traffic | DNS traffic detected: DNS query: edurestunningcrackyow.fun |
Source: global traffic | DNS traffic detected: DNS query: pooreveningfuseor.pw |
Source: global traffic | DNS traffic detected: DNS query: turkeyunlikelyofw.shop |
Source: global traffic | DNS traffic detected: DNS query: associationokeo.shop |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://associationokeo.shop// |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://associationokeo.shop/_ |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671254395.00000000008BE000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://associationokeo.shop/api |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671254395.00000000008BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://associationokeo.shop/apiM |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://associationokeo.shop/i |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://colorfulequalugliess.shop/K |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://detectordiscusser.shop/ |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://detectordiscusser.shop/api |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://detectordiscusser.shop/apie |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://edurestunningcrackyow.fun/ |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pooreveningfuseor.pw/ |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pooreveningfuseor.pw/t |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://relevantvoicelesskw.shop// |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://turkeyunlikelyofw.shop/ |
Source: LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://turkeyunlikelyofw.shop/api |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671318253.00000000008DC000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002B_445.exe, 00000000.00000003.1669580341.00000000008D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://turkeyunlikelyofw.shop/p |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_006FA0A0 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, | 0_2_006FA0A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_00703127 NtClose, | 0_2_00703127 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_007052B0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_007052B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_00702AB2 NtOpenSection, | 0_2_00702AB2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_00702C33 NtMapViewOfSection, | 0_2_00702C33 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_00702E7A NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_00702E7A |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_007057A0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_007057A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: String function: 0058AF80 appears 33 times | |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: String function: 005A8250 appears 145 times | |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: String function: 005A7B10 appears 43 times | |
Source: LisectAVT_2403002B_445.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: unknown | Process created: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe "C:\Users\user\Desktop\LisectAVT_2403002B_445.exe" |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Section loaded: msasn1.dll |
Source: LisectAVT_2403002B_445.exe, 00000000.00000002.1671254395.00000000008BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_0058A882 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_0058A882 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_0058ECA0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0058ECA0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_0058AD60 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0058AD60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002B_445.exe | Code function: 0_2_0058AEBC SetUnhandledExceptionFilter, | 0_2_0058AEBC |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: sideindexfollowragelrew.pw |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: associationokeo.shop |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: turkeyunlikelyofw.shop |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: pooreveningfuseor.pw |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: edurestunningcrackyow.fun |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: detectordiscusser.shop |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: relevantvoicelesskw.shop |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: colorfulequalugliess.shop |
Source: LisectAVT_2403002B_445.exe | String found in binary or memory: wisemassiveharmonious.shop |