Source: stamppreewntnq.shop | Avira URL Cloud: Label: phishing |
Source: froytnewqowv.shop | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/apiMf | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/ | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop:443/api | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/b.y | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/5 | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/api | Avira URL Cloud: Label: malware |
Source: condedqpwqm.shop | Avira URL Cloud: Label: phishing |
Source: locatedblsoqp.shop | Avira URL Cloud: Label: phishing |
Source: millyscroqwp.shop | Avira URL Cloud: Label: malware |
Source: caffegclasiqwp.shop | Avira URL Cloud: Label: malware |
Source: traineiwnqo.shop | Avira URL Cloud: Label: malware |
Source: stagedchheiqwo.shop | Avira URL Cloud: Label: phishing |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: caffegclasiqwp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: stamppreewntnq.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: stagedchheiqwo.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: millyscroqwp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: evoliutwoqm.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: condedqpwqm.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: traineiwnqo.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: locatedblsoqp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: froytnewqowv.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: TeslaBrowser/5.5 |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: - Screen Resoluton: |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: - Physical Installed Memory: |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: Workgroup: - |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: yau6Na--503322905 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+1Ch] | 2_2_0040C000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_0040B810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] | 2_2_0043BC78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edx, dword ptr [esp] | 2_2_0040CC80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edx, dword ptr [esp] | 2_2_0040C69D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 2_2_00413846 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000874h] | 2_2_0041E850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_0041E850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_0041F862 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edi, dword ptr [edx+ebx+3Ch] | 2_2_0043A830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 2_2_004390C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_0043E8D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 2_2_0043E080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00413888 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_0041F8B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0041F8B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_0041D940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_00431950 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_00415172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_00415172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-24h] | 2_2_00415172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [ebx] | 2_2_0043F9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], 625B6034h | 2_2_004211B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 2_2_00413A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esi+000000D8h] | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+34h] | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+34h] | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esi+18h] | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 2_2_004122E6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 2_2_0043F290 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_00427B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00423BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [ecx], ax | 2_2_0041DBEA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 2_2_0043E390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0043D470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 2_2_0043DC70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 2_2_0041C400 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 2_2_0041E411 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_004104D1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+38h] | 2_2_0040F578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp edx | 2_2_0041CDED |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [ebx+01h], 00000000h | 2_2_0041CDED |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_00424640 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0041C660 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 2_2_00415E62 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esi+000000D8h] | 2_2_0042866E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 2_2_00403E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000874h] | 2_2_0041E6C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], cx | 2_2_0041E6C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00423F07 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 2_2_0043DF90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp edx | 2_2_0043A796 |
Source: Malware configuration extractor | URLs: locatedblsoqp.shop |
Source: Malware configuration extractor | URLs: traineiwnqo.shop |
Source: Malware configuration extractor | URLs: evoliutwoqm.shop |
Source: Malware configuration extractor | URLs: caffegclasiqwp.shop |
Source: Malware configuration extractor | URLs: stamppreewntnq.shop |
Source: Malware configuration extractor | URLs: stagedchheiqwo.shop |
Source: Malware configuration extractor | URLs: froytnewqowv.shop |
Source: Malware configuration extractor | URLs: condedqpwqm.shop |
Source: Malware configuration extractor | URLs: millyscroqwp.shop |
Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net |
Source: RegAsm.exe, 00000002.00000002.2208570206.0000000001042000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2208570206.000000000104F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop/ |
Source: RegAsm.exe, 00000002.00000002.2208570206.000000000104F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop/5 |
Source: RegAsm.exe, 00000002.00000002.2208570206.000000000102F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2208570206.000000000100A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop/api |
Source: RegAsm.exe, 00000002.00000002.2208570206.000000000102F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop/apiMf |
Source: RegAsm.exe, 00000002.00000002.2208570206.000000000100A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop/b.y |
Source: RegAsm.exe, 00000002.00000002.2208570206.0000000001066000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://froytnewqowv.shop:443/api |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_01530B20 | 0_2_01530B20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043681D | 2_2_0043681D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040CC80 | 2_2_0040CC80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040C69D | 2_2_0040C69D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041E850 | 2_2_0041E850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043B050 | 2_2_0043B050 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042D056 | 2_2_0042D056 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042285E | 2_2_0042285E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00408870 | 2_2_00408870 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409810 | 2_2_00409810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00430035 | 2_2_00430035 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042E8D7 | 2_2_0042E8D7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043E080 | 2_2_0043E080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004020AD | 2_2_004020AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041F8B7 | 2_2_0041F8B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00436150 | 2_2_00436150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00420970 | 2_2_00420970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415172 | 2_2_00415172 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043F9E0 | 2_2_0043F9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042D9EB | 2_2_0042D9EB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00408190 | 2_2_00408190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043D9AD | 2_2_0043D9AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004211B0 | 2_2_004211B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042C9B7 | 2_2_0042C9B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00405A40 | 2_2_00405A40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00429A49 | 2_2_00429A49 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00426206 | 2_2_00426206 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042BADA | 2_2_0042BADA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042A2DC | 2_2_0042A2DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004122E6 | 2_2_004122E6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042E2AC | 2_2_0042E2AC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00420360 | 2_2_00420360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00411B6E | 2_2_00411B6E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00424B70 | 2_2_00424B70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00401330 | 2_2_00401330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00427B30 | 2_2_00427B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004323DD | 2_2_004323DD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004063E0 | 2_2_004063E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00407B80 | 2_2_00407B80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040DB90 | 2_2_0040DB90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043E390 | 2_2_0043E390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00425B9D | 2_2_00425B9D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004223B5 | 2_2_004223B5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043DC70 | 2_2_0043DC70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00404C20 | 2_2_00404C20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042F4C7 | 2_2_0042F4C7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040D4D0 | 2_2_0040D4D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00435CD0 | 2_2_00435CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041A4EA | 2_2_0041A4EA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00433D5E | 2_2_00433D5E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040F578 | 2_2_0040F578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040A500 | 2_2_0040A500 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042C521 | 2_2_0042C521 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00420D30 | 2_2_00420D30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00431530 | 2_2_00431530 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00428535 | 2_2_00428535 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043D5DE | 2_2_0043D5DE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041CDED | 2_2_0041CDED |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00421DB5 | 2_2_00421DB5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042AE2B | 2_2_0042AE2B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041E6C0 | 2_2_0041E6C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043F6F0 | 2_2_0043F6F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004306F7 | 2_2_004306F7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00406E80 | 2_2_00406E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00436E82 | 2_2_00436E82 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00430EAE | 2_2_00430EAE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00401FC5 | 2_2_00401FC5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00404FD0 | 2_2_00404FD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00418FD5 | 2_2_00418FD5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00402FE0 | 2_2_00402FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004357E0 | 2_2_004357E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042EF89 | 2_2_0042EF89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043DF90 | 2_2_0043DF90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004237A0 | 2_2_004237A0 |
Source: unknown | Process created: C:\Users\user\Desktop\Loader.exe "C:\Users\user\Desktop\Loader.exe" | |
Source: C:\Users\user\Desktop\Loader.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\Loader.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 1768 | |
Source: C:\Users\user\Desktop\Loader.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Loader.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.6.dr | Binary or memory string: VMware |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc. |
Source: RegAsm.exe, 00000002.00000002.2208570206.0000000001066000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW< |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: RegAsm.exe, 00000002.00000002.2208570206.0000000001066000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.6.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: RegAsm.exe, 00000002.00000002.2208570206.0000000001026000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@ |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\Loader.exe | Code function: 0_2_02E2249D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, | 0_2_02E2249D |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: caffegclasiqwp.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: stamppreewntnq.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: stagedchheiqwo.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: millyscroqwp.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: evoliutwoqm.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: condedqpwqm.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: traineiwnqo.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: locatedblsoqp.shop |
Source: Loader.exe, 00000000.00000002.2034446144.0000000003E25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: froytnewqowv.shop |
Source: Loader.exe, 00000000.00000002.2034024823.0000000001076000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: avp.exe |
Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.6.dr | Binary or memory string: msmpeng.exe |
Source: Amcache.hve.6.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Loader.exe, 00000000.00000002.2034024823.0000000001076000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: AVP.exe |
Source: Amcache.hve.6.dr | Binary or memory string: MsMpEng.exe |