Source: https://drawzhotdog.shop/api |
Avira URL Cloud: Label: malware |
Source: https://gutterydhowi.shop/api |
Avira URL Cloud: Label: malware |
Source: stogeneratmns.shop |
Avira URL Cloud: Label: malware |
Source: https://performenj.shop/vo |
Avira URL Cloud: Label: malware |
Source: https://offensivedzvju.shop/ |
Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199724331900 |
URL Reputation: Label: malware |
Source: lootebarrkeyn.shop |
Avira URL Cloud: Label: malware |
Source: reinforcenh.shop |
Avira URL Cloud: Label: malware |
Source: https://performenj.shop/apiG |
Avira URL Cloud: Label: malware |
Source: https://drawzhotdog.shop/ |
Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
URL Reputation: Label: malware |
Source: https://reinforcenh.shop/api2 |
Avira URL Cloud: Label: malware |
Source: ghostreedmnu.shop |
Avira URL Cloud: Label: malware |
Source: https://reinforcenh.shop/api |
Avira URL Cloud: Label: malware |
Source: https://reinforcenh.shop/ |
Avira URL Cloud: Label: malware |
Source: https://performenj.shop/ |
Avira URL Cloud: Label: malware |
Source: https://vozmeatillu.shop/api |
Avira URL Cloud: Label: malware |
Source: https://stogeneratmns.shop/api |
Avira URL Cloud: Label: malware |
Source: https://vozmeatillu.shop/Y |
Avira URL Cloud: Label: malware |
Source: gutterydhowi.shop |
Avira URL Cloud: Label: malware |
Source: fragnantbui.shop |
Avira URL Cloud: Label: malware |
Source: https://ghostreedmnu.shop/api |
Avira URL Cloud: Label: malware |
Source: https://fragnantbui.shop/api |
Avira URL Cloud: Label: malware |
Source: https://stogeneratmns.shop/apiD |
Avira URL Cloud: Label: malware |
Source: https://offensivedzvju.shop/api |
Avira URL Cloud: Label: malware |
Source: https://performenj.shop/G |
Avira URL Cloud: Label: malware |
Source: offensivedzvju.shop |
Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199724331900/badges |
URL Reputation: Label: malware |
Source: https://performenj.shop/api |
Avira URL Cloud: Label: malware |
Source: drawzhotdog.shop |
Avira URL Cloud: Label: malware |
Source: vozmeatillu.shop |
Avira URL Cloud: Label: malware |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: reinforcenh.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: stogeneratmns.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: fragnantbui.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: drawzhotdog.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: vozmeatillu.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: offensivedzvju.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: ghostreedmnu.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: gutterydhowi.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: lootebarrkeyn.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: TeslaBrowser/5.5 |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: - Screen Resoluton: |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: - Physical Installed Memory: |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: Workgroup: - |
Source: 2.2.RegAsm.exe.400000.0.unpack |
String decryptor: FATE99-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
2_2_00447600 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0044A7E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi+1Ch] |
2_2_0040FEBC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then xor eax, eax |
2_2_0040EFFC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000120h] |
2_2_0040EFFC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then push ebx |
2_2_00415078 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+34h] |
2_2_00401000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
2_2_004450E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004340F5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004340F5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edi, byte ptr [eax+esi] |
2_2_00407120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0042A274 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [edx], ax |
2_2_0042A274 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0040D2C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0042A2F9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [edx], ax |
2_2_0042A2F9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
2_2_00442280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0042A345 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [edx], ax |
2_2_0042A345 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042A345 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
2_2_00431370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebx, eax |
2_2_0040A3C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebp, eax |
2_2_0040A3C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh |
2_2_0042C390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh |
2_2_0042C390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh |
2_2_00449390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00449390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00424490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h |
2_2_004204A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
2_2_004204A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ecx, esi |
2_2_0042D56C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
2_2_0043B510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ecx, esi |
2_2_0042D58E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042F5B7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
2_2_004146B5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [ecx+eax] |
2_2_0040F7E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edx], cl |
2_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
2_2_0041A880 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp al, 2Eh |
2_2_0042C891 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then xor eax, eax |
2_2_0042C891 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh |
2_2_00444970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh |
2_2_004489F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
2_2_00434A2F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh |
2_2_00445AD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
2_2_00413AE6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebx, ecx |
2_2_00413AE6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp byte ptr [edi], 00000000h |
2_2_00413AE6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_0042BB00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp edx |
2_2_00427B0F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
2_2_00430BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
2_2_00448BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
2_2_0044AC00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
2_2_00404C10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
2_2_00426CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then add edi, 02h |
2_2_0041DD64 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [ebx] |
2_2_0041DD64 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
2_2_00405D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
2_2_00434DF6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_00445D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
2_2_0044AD90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00449E60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
2_2_00414E26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then xor eax, eax |
2_2_00414E26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
2_2_00447EDE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0044AF10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah |
2_2_0044AF10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_00426F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h |
2_2_0041CFF0 |
Source: Network traffic |
Suricata IDS: 2056162 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) : 192.168.2.4:52810 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056160 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) : 192.168.2.4:60842 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056154 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) : 192.168.2.4:53726 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056048 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) : 192.168.2.4:63148 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056164 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) : 192.168.2.4:60602 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.4:58445 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.4:58444 -> 104.21.58.182:443 |
Source: Network traffic |
Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.4:58446 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.4:58441 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2056156 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) : 192.168.2.4:64598 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056152 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) : 192.168.2.4:53338 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056150 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) : 192.168.2.4:64447 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.4:58440 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.4:58442 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056158 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) : 192.168.2.4:55892 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.4:58443 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.4:58447 -> 104.21.77.130:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58449 -> 172.67.189.2:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58441 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58449 -> 172.67.189.2:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58441 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58447 -> 104.21.77.130:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58447 -> 104.21.77.130:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58440 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58440 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58443 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58443 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58442 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58442 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58444 -> 104.21.58.182:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58444 -> 104.21.58.182:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58445 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58445 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:58446 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:58446 -> 188.114.96.3:443 |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: gutterydhowi.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: ghostreedmnu.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: offensivedzvju.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: vozmeatillu.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: drawzhotdog.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: fragnantbui.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: stogeneratmns.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: reinforcenh.shop |
Source: global traffic |
HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: performenj.shop |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTg |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drawzhotdog.shop/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fragnantbui.shop/api |
Source: RegAsm.exe, 00000002.00000002.1795323805.0000000001276000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gutterydhowi.shop/api |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://offensivedzvju.shop/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/G |
Source: RegAsm.exe, 00000002.00000002.1795323805.0000000001276000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/api |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/apiG |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/vo |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://reinforcenh.shop/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.0000000001276000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://reinforcenh.shop/api |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://reinforcenh.shop/api2 |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.0000000001276000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/K |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/x |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stogeneratmns.shop/api |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stogeneratmns.shop/apiD |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: RegAsm.exe, 00000002.00000002.1795323805.000000000130E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1795323805.00000000012ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://vozmeatillu.shop/Y |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: RegAsm.exe, 00000002.00000002.1795323805.00000000012A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: webio.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\a7HdB2dU5P.exe |
Process information set: NOOPENFILEERRORBOX |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: reinforcenh.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: stogeneratmns.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: fragnantbui.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: drawzhotdog.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: vozmeatillu.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: offensivedzvju.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: ghostreedmnu.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: gutterydhowi.shop |
Source: a7HdB2dU5P.exe, 00000000.00000002.1694307717.00000000038C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: lootebarrkeyn.shop |