Source: https://steamcommunity.com/profiles/76561199724331900 | URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ | URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges | URL Reputation: Label: malware
Source: lootebarrkeyn.shop | Avira URL Cloud: Label: malware
Source: https://drawzhotdog.shop/api | Avira URL Cloud: Label: malware
Source: stogeneratmns.shop | Avira URL Cloud: Label: malware
Source: https://gutterydhowi.shop/api | Avira URL Cloud: Label: malware
Source: reinforcenh.shop | Avira URL Cloud: Label: malware
Source: https://performenj.shop/6& | Avira URL Cloud: Label: malware
Source: https://offensivedzvju.shop/ | Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/d& | Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/api | Avira URL Cloud: Label: malware
Source: https://stogeneratmns.shop/&-7 | Avira URL Cloud: Label: malware
Source: https://vozmeatillu.shop/ | Avira URL Cloud: Label: malware
Source: https://offensivedzvju.shop/W | Avira URL Cloud: Label: malware
Source: https://drawzhotdog.shop/ | Avira URL Cloud: Label: malware
Source: ghostreedmnu.shop | Avira URL Cloud: Label: malware
Source: https://ghostreedmnu.shop/ | Avira URL Cloud: Label: malware
Source: https://performenj.shop/pi | Avira URL Cloud: Label: malware
Source: https://gutterydhowi.shop/apiO | Avira URL Cloud: Label: malware
Source: https://performenj.shop/ | Avira URL Cloud: Label: malware
Source: https://stogeneratmns.shop/api | Avira URL Cloud: Label: malware
Source: https://vozmeatillu.shop/api | Avira URL Cloud: Label: malware
Source: gutterydhowi.shop | Avira URL Cloud: Label: malware
Source: https://ghostreedmnu.shop/api | Avira URL Cloud: Label: malware
Source: https://offensivedzvju.shop/api | Avira URL Cloud: Label: malware
Source: fragnantbui.shop | Avira URL Cloud: Label: malware
Source: offensivedzvju.shop | Avira URL Cloud: Label: malware
Source: https://fragnantbui.shop/api | Avira URL Cloud: Label: malware
Source: drawzhotdog.shop | Avira URL Cloud: Label: malware
Source: https://performenj.shop/apit | Avira URL Cloud: Label: malware
Source: https://performenj.shop/api | Avira URL Cloud: Label: malware
Source: https://stogeneratmns.shop/apiJ | Avira URL Cloud: Label: malware
Source: vozmeatillu.shop | Avira URL Cloud: Label: malware
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: reinforcenh.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: stogeneratmns.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: fragnantbui.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: drawzhotdog.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: vozmeatillu.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: offensivedzvju.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: ghostreedmnu.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: gutterydhowi.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: lootebarrkeyn.shop
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: lid=%s&j=%s&ver=4.0
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: TeslaBrowser/5.5
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: - Screen Resoluton:
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: - Physical Installed Memory:
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: Workgroup: -
Source: 3.2.RegAsm.exe.400000.0.raw.unpack | String decryptor: FATE99--
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 3_2_00447600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0044A7E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+1Ch] | 3_2_0040FEBC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then xor eax, eax | 3_2_0040EFFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000120h] | 3_2_0040EFFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then push ebx | 3_2_00415078
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+34h] | 3_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh | 3_2_004450E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004340F5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edi, byte ptr [eax+esi] | 3_2_00407120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0042A274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], ax | 3_2_0042A274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0040D2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0042A2F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], ax | 3_2_0042A2F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 3_2_00442280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0042A345
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], ax | 3_2_0042A345
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0042A345
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 3_2_00431370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, eax | 3_2_0040A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebp, eax | 3_2_0040A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh | 3_2_0042C390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh | 3_2_0042C390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh | 3_2_00449390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00449390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00424490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h | 3_2_004204A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], dx | 3_2_004204A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, esi | 3_2_0042D56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_0043B510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+000006A8h] | 3_2_0041E52C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, esi | 3_2_0042D58E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0042F5B7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi] | 3_2_004146B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [ecx+eax] | 3_2_0040F7E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004327B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 3_2_004327B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_004327B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edx], cl | 3_2_004327B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 3_2_0041A880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_0042C891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then xor eax, eax | 3_2_0042C891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh | 3_2_00444970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh | 3_2_004489F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00434A2F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh | 3_2_00445AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi] | 3_2_00413AE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, ecx | 3_2_00413AE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [edi], 00000000h | 3_2_00413AE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 3_2_0042BB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp edx | 3_2_00427B0F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_00430BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ecx, word ptr [edi+eax] | 3_2_00448BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 3_2_0044AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 3_2_00404C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 3_2_00426CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then add edi, 02h | 3_2_0041DD64
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebx] | 3_2_0041DD64
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 3_2_00405D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00434DF6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 3_2_00445D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 3_2_0044AD90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00449E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [ebx], 00000000h | 3_2_00414E26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then xor eax, eax | 3_2_00414E26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 3_2_00447EDE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0044AF10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah | 3_2_0044AF10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_00426F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h | 3_2_0041CFF0
Source: Network traffic | Suricata IDS: 2056160 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) : 192.168.2.6:63504 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056162 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) : 192.168.2.6:62281 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056048 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) : 192.168.2.6:52018 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.6:49713 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.6:49714 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.6:49718 -> 172.67.208.139:443
Source: Network traffic | Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.6:49717 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.6:49711 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2056164 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) : 192.168.2.6:59886 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056158 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) : 192.168.2.6:50739 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.6:49715 -> 172.67.162.108:443
Source: Network traffic | Suricata IDS: 2056154 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) : 192.168.2.6:65346 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056150 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) : 192.168.2.6:55477 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056152 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) : 192.168.2.6:65127 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.6:49716 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.6:49710 -> 104.21.4.136:443
Source: Network traffic | Suricata IDS: 2056156 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) : 192.168.2.6:58108 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49717 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49710 -> 104.21.4.136:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49711 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 104.21.4.136:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49717 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49711 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49714 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49714 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49716 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49716 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49720 -> 172.67.189.2:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 172.67.208.139:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49720 -> 172.67.189.2:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 172.67.208.139:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49715 -> 172.67.162.108:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49715 -> 172.67.162.108:443
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: gutterydhowi.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: ghostreedmnu.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: offensivedzvju.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: vozmeatillu.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: drawzhotdog.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: fragnantbui.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: stogeneratmns.shop
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: reinforcenh.shop
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: performenj.shop
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e199731
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.c
Source: RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTg
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTS
Source: RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=gC
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240168674.0000000003270000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamaoE
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drawzhotdog.shop/
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fragnantbui.shop/api
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ghostreedmnu.shop/
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ghostreedmnu.shop/api
Source: RegAsm.exe, 00000003.00000002.2239685477.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gutterydhowi.shop/api
Source: RegAsm.exe, 00000003.00000002.2239685477.0000000000EE9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gutterydhowi.shop/apiO
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://offensivedzvju.shop/
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://offensivedzvju.shop/W
Source: RegAsm.exe, 00000003.00000002.2239685477.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/ |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/6& |
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/api |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/apit |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://performenj.shop/pi |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://reinforcenh.shop/d& |
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2239685477.0000000000EE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: RegAsm.exe, 00000003.00000002.2239609640.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/N |
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stogeneratmns.shop/&-7 |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stogeneratmns.shop/api |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stogeneratmns.shop/apiJ |
Source: RegAsm.exe, 00000003.00000002.2239924746.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2240183729.0000000003278000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://vozmeatillu.shop/ |
Source: RegAsm.exe, 00000003.00000002.2239756790.0000000000F25000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://vozmeatillu.shop/api |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00410480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00447600 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040FEBC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0044004B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00401000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0044B020 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004450E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004340F5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004091F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004012A7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042A345 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0044B300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A3C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042C390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00449390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00407470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040B470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040E470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00405400 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00411420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042D56C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041E52C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042D58E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00437620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00409737 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00403790 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004327B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00408810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042C891 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00449970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00409A02 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00445AD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00449B60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042BB00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00427B0F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00438C00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0043FD0E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00449E60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00407E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00447EDE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042DEF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0043EF50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040AFD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0042DFE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040BF80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00448F80 |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\3ZD5tEC5DH.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: webio.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: reinforcenh.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: stogeneratmns.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: fragnantbui.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: drawzhotdog.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: vozmeatillu.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: offensivedzvju.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: ghostreedmnu.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: gutterydhowi.shop |
Source: 3ZD5tEC5DH.exe, 00000000.00000002.2136578260.00000000036A5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: lootebarrkeyn.shop |