Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: reinforcenh.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: stogeneratmns.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: fragnantbui.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: drawzhotdog.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: vozmeatillu.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: offensivedzvju.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: ghostreedmnu.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: gutterydhowi.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: ghostreedmnu.shop |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 0000000F.00000002.2068496934.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409B60 CryptUnprotectData,LocalAlloc,memcpy,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040C820 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00407240 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00418EA0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C266C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C3BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcatA,lstrcatA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_6F886C80 CryptQueryObject,CryptMsgGetParam,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,CertGetNameStringW,CertFreeCRLContext,CryptMsgClose,CertCloseStore,CryptQueryObject,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,GetLastError,CryptBinaryToStringW,GetLastError,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 8_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
Source: Network traffic |
Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49735 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49735 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.4:49735 |
Source: Network traffic |
Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49735 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.4:49735 |
Source: Network traffic |
Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49735 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2056162 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) : 192.168.2.4:59963 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056164 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) : 192.168.2.4:58800 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.4:59733 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2056158 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) : 192.168.2.4:55609 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056152 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) : 192.168.2.4:50252 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056156 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) : 192.168.2.4:65535 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.4:49744 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056150 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) : 192.168.2.4:63300 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.4:59738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056154 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) : 192.168.2.4:61372 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.4:59739 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.4:59737 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.4:59740 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2056160 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) : 192.168.2.4:51917 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.4:59734 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.4:59736 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.4:59735 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.4:59771 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.4:59774 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.4:59778 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.4:59775 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.4:59780 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.4:59779 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.4:59770 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.4:59781 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.4:59777 -> 45.132.206.251:80 |
Source: Network traffic |
Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.4:59782 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59734 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59734 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59740 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59740 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59736 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59742 -> 104.21.2.13:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59742 -> 104.21.2.13:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49744 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59739 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59733 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59733 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59737 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59737 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:59748 -> 5.75.211.162:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59739 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49744 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59736 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.211.162:443 -> 192.168.2.4:59748 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59735 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59735 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.211.162:443 -> 192.168.2.4:59747 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59770 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59770 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59771 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59771 -> 104.21.4.136:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59775 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59778 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59775 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59778 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59779 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59779 -> 172.67.162.108:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59780 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59780 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59782 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59782 -> 172.67.208.139:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59781 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59774 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59781 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59774 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.211.162:443 -> 192.168.2.4:59790 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.211.162:443 -> 192.168.2.4:59789 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:59784 -> 104.21.2.13:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:59784 -> 104.21.2.13:443 |