Files
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\cHAxMzM3_crypted_LAB.exe | "C:\Users\user\Desktop\cHAxMzM3_crypted_LAB.exe" | |
| C:\Users\user\Desktop\cHAxMzM3_crypted_LAB.exe | "C:\Users\user\Desktop\cHAxMzM3_crypted_LAB.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 916 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| stingyerasjhru.click | | |
| https://smiteattacekr.org/api | 188.114.96.3 | |
| https://steamcommunity.com/profiles/76561199724331900 | 104.102.49.254 | |
| https://smiteattacekr.org/apih | unknown | |
| rabidcowse.shop | | |
| https://community.fastly.steamstatic.com/public/images/skin_ | unknown | |
| wholersorie.shop | | |
| https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=eVGzFA1_2smb&a | unknown | |
| https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=F357 | unknown | |
| http://upx.sf.net | unknown | |
| http://store.steampowered.com/subscriber_agreement/ | unknown | |
| https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=gi31XL_w | unknown | |
| https://steamcommunity.com/profiles/76561199724331900/inventory/ | unknown | |
| http://store.steampowered.com/Ua | unknown | |
| cloudewahsj.shop | | |
| noisycuttej.shop | | |
| https://smiteattacekr.org/dS | unknown | |
| nearycrepso.shop | | |
| https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | unknown | |
| https://smiteattacekr.org/ | unknown | |
| https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geoname | unknown | |
| framekgirus.shop | | |
| https://store.steamp | unknown | |
| tirepublicerj.shop | | |
| abruptyopsn.shop | | |
15 further URLs are not shown in this excerpt.
Domains

| Name | IP | Malicious |
|---|---|---|
| smiteattacekr.org | 188.114.96.3 | |
| stingyerasjhru.click | unknown | |
| steamcommunity.com | 104.102.49.254 | |
| 53.210.109.20.in-addr.arpa | unknown | |
| cloudewahsj.shop | unknown | |
| noisycuttej.shop | unknown | |
| nearycrepso.shop | unknown | |
| rabidcowse.shop | unknown | |
| wholersorie.shop | unknown | |
| framekgirus.shop | unknown | |
| tirepublicerj.shop | unknown | |
| 171.39.242.20.in-addr.arpa | unknown | |
| abruptyopsn.shop | unknown | |
3 further domains are not shown in this excerpt.
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 188.114.96.3 | smiteattacekr.org | European Union | |
| 104.102.49.254 | steamcommunity.com | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | ProgramId | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | FileId | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | LowerCaseLongPath | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | LongPathHash | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Name | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | OriginalFileName | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Publisher | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Version | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | BinFileVersion | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | BinaryType | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | ProductName | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | ProductVersion | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | LinkDate | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | BinProductVersion | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | AppxPackageFullName | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | AppxPackageRelativeId | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Size | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Language | |
| \REGISTRY\A\{be31cd80-03ab-6821-9ddf-ca1c84af3a85}\Root\InventoryApplicationFile\chaxmzm3_crypted\|b87ab0fcde3fabda | Usn | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018000DDABBE6B3 | |
13 further registry entries are not shown in this excerpt.
Memdumps

101 memory dumps are not shown in this excerpt.