Source: https://5.75.212.60/sqls.dll | Avira URL Cloud: Label: malware |
Source: callosallsaospz.shop | Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199747278259/badges | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/1 | Avira URL Cloud: Label: malware |
Source: https://t.me/s41l0#69 | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/5 | Avira URL Cloud: Label: malware |
Source: https://t.me/armad2a | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/mozglue.dll# | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/F | Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199747278259 | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/a | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/indows.storage.dlll | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/p | Avira URL Cloud: Label: malware |
Source: https://5.75.212.60/softokn3.dll | Avira URL Cloud: Label: malware |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: indexterityszcoxp.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: lariatedzugspd.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: callosallsaospz.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: outpointsozp.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: liernessfornicsa.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: upknittsoappz.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: shepherdlyopzc.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: unseaffarignsk.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: liernessfornicsa.shop |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp | String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00406D50 CryptUnprotectData,LocalAlloc,LocalFree, | 1_2_00406D50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00406CD0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, | 1_2_00406CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00410DF0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, | 1_2_00410DF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00408980 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcatA,PK11_FreeSlot,lstrcatA, | 1_2_00408980 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C576C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, | 1_2_6C576C80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6CA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, | 1_2_6C6CA9A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6C4440 PK11_PrivDecrypt, | 1_2_6C6C4440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C694420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free, | 1_2_6C694420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6C44C0 PK11_PubEncrypt, | 1_2_6C6C44C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C7125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt, | 1_2_6C7125B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6A8670 PK11_ExportEncryptedPrivKeyInfo, | 1_2_6C6A8670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6CA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext, | 1_2_6C6CA650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6AE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free, | 1_2_6C6AE6E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6C6EA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError, | 1_2_6C6EA730 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_004066DD CryptUnprotectData,LocalAlloc,LocalFree, | 6_2_004066DD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_0040667A CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, | 6_2_0040667A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00407FEE memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcatA,lstrcatA, | 6_2_00407FEE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_0040F388 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, | 6_2_0040F388 |
Source: | Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr |
Source: | Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr |
Source: | Binary string: converter.pdb source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp |
Source: | Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr |
Source: | Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr |
Source: | Binary string: PE.pdbH] source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: softwaretown.pdb source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr |
Source: | Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.2434980346.0000000037F67000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: converter.pdbx source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp |
Source: | Binary string: fmradiosoft.pdbX source: 1lKbb2hF7fYToopfpmEvlyRN.exe |
Source: | Binary string: PE.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.2428216684.000000002C086000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\GPgmshZsn.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1679997283.0000000005D53000.00000004.08000000.00040000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000043DC000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr |
Source: | Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2634247963.00000000066DB000.00000002.00001000.00020000.00000000.sdmp |
Source: | Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr |
Source: | Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\xlHkJa.pdb source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2185461295.00000000062E0000.00000004.08000000.00040000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: fmradiosoft.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe |
Source: | Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\hZlPXWfEn.pdb source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2092583255.0000000005BEC000.00000004.08000000.00040000.00000000.sdmp |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 1_2_00401110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, | 1_2_004099F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, | 1_2_0040A2C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, | 1_2_004156C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 1_2_0040C2E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 1_2_00415EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose, | 1_2_00414F80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 1_2_0040B390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 1_2_00409D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, | 1_2_00415A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, | 1_2_0040AAB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_0040B4B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 6_2_0040B4B4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00413C66 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 6_2_00413C66 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_004138AA GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, | 6_2_004138AA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00401157 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 6_2_00401157 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_0041355A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, | 6_2_0041355A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_004091E3 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 6_2_004091E3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00409E5F wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, | 6_2_00409E5F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_0040A6A6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 6_2_0040A6A6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00408EB5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, | 6_2_00408EB5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00412F4A wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose, | 6_2_00412F4A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 6_2_00409706 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, | 6_2_00409706 |
Source: Malware configuration extractor | URLs: indexterityszcoxp.shop |
Source: Malware configuration extractor | URLs: lariatedzugspd.shop |
Source: Malware configuration extractor | URLs: callosallsaospz.shop |
Source: Malware configuration extractor | URLs: callosallsaospz.shop |
Source: Malware configuration extractor | URLs: outpointsozp.shop |
Source: Malware configuration extractor | URLs: outpointsozp.shop |
Source: Malware configuration extractor | URLs: liernessfornicsa.shop |
Source: Malware configuration extractor | URLs: upknittsoappz.shop |
Source: Malware configuration extractor | URLs: shepherdlyopzc.shop |
Source: Malware configuration extractor | URLs: unseaffarignsk.shop |
Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199743486170 |
Source: Malware configuration extractor | URLs: https://t.me/s41l0 |