Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: reinforcenh.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: stogeneratmns.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: fragnantbui.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: drawzhotdog.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: vozmeatillu.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: offensivedzvju.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: ghostreedmnu.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: gutterydhowi.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lootebarrkeyn.shop |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000003.00000002.2264360236.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: FATE99-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then xor eax, eax | 3_2_0040F042 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00412450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+08h] | 3_2_00412450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+08h] | 3_2_00412450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00412450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0040D470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h | 3_2_004404AB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 68677325h | 3_2_00447AC9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00447AC9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+14h] | 3_2_00447D38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 2EE0190Fh | 3_2_00447E1B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edi, esi | 3_2_00401000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 3_2_0044B010 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00425030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then add ecx, dword ptr [esp+eax*4+30h] | 3_2_0040C1C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 3_2_0044B1A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_00427230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 3_2_004452E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 3_2_004142E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah | 3_2_0044B320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h] | 3_2_00407450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 3_2_00442410 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0044B430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 3_2_004314A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0044A510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], cl | 3_2_00435519 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00433623 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh | 3_2_00449620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00434629 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+01h], 00000000h | 3_2_0040F63A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [ebx], 00000000h | 3_2_00414692 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000668h] | 3_2_0041E71A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 77DD2217h | 3_2_0041E71A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+01h], 00000000h | 3_2_0040F7E3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+01h], 00000000h | 3_2_0040F807 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+000001C8h] | 3_2_00432830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000198h] | 3_2_00432830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00432830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00432830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00432830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h | 3_2_004408E6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+14h] | 3_2_00444970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000884h] | 3_2_00429978 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00434990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 3_2_00434990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00434990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 3_2_00420A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h | 3_2_00440A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+10h] | 3_2_0040FA20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [ecx+eax] | 3_2_0040FA20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0040FA20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh | 3_2_0042CAD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh | 3_2_0042CAD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00421AD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh | 3_2_00444BC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 3_2_0041AB90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 54CA534Eh | 3_2_00448B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_00430CC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 3_2_00405CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 3_2_00404CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 3_2_00449D22 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh | 3_2_00445DE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ecx, word ptr [edi+eax] | 3_2_00448D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-18h] | 3_2_0042FE26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 3_2_0042FE26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then add ebx, 02h | 3_2_00413EEC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 3_2_00413EEC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then dec ebx | 3_2_0043FE90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 3_2_00426FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp dword ptr [004521ECh] | 3_2_0041FFD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+eax+01h], 00000000h | 3_2_0042DFE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_0043BFF0 |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Code function: 1_2_02B60C40 | 1_2_02B60C40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004404AB | 3_2_004404AB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00447D38 | 3_2_00447D38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00401000 | 3_2_00401000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004480B0 | 3_2_004480B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00449120 | 3_2_00449120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040C1C0 | 3_2_0040C1C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0042D250 | 3_2_0042D250 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040A231 | 3_2_0040A231 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0044A230 | 3_2_0044A230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004012C7 | 3_2_004012C7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004452E0 | 3_2_004452E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00415352 | 3_2_00415352 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004103A8 | 3_2_004103A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00407450 | 3_2_00407450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00405470 | 3_2_00405470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00409402 | 3_2_00409402 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0044A510 | 3_2_0044A510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004115B0 | 3_2_004115B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0041D610 | 3_2_0041D610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00449620 | 3_2_00449620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040A6E0 | 3_2_0040A6E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040B6B0 | 3_2_0040B6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0043F700 | 3_2_0043F700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0041E71A | 3_2_0041E71A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0044B720 | 3_2_0044B720 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004087F0 | 3_2_004087F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00428833 | 3_2_00428833 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004338C0 | 3_2_004338C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004408E6 | 3_2_004408E6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004038A0 | 3_2_004038A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00434990 | 3_2_00434990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040ABA0 | 3_2_0040ABA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0042EBBC | 3_2_0042EBBC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00437CD0 | 3_2_00437CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00449D22 | 3_2_00449D22 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00407E50 | 3_2_00407E50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00427E6C | 3_2_00427E6C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00437F30 | 3_2_00437F30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0042DFE0 | 3_2_0042DFE0 |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\FoS5cjKhd3.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: Amcache.hve.7.dr | Binary or memory string: VMware |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: RegAsm.exe, 00000003.00000002.2264764815.0000000000E0F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW:q |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20 |
Source: RegAsm.exe, 00000003.00000002.2264764815.0000000000DE7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2264764815.0000000000E0F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: reinforcenh.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: stogeneratmns.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: fragnantbui.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: drawzhotdog.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: vozmeatillu.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: offensivedzvju.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ghostreedmnu.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: gutterydhowi.shop |
Source: FoS5cjKhd3.exe, 00000001.00000002.2205251595.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: lootebarrkeyn.shop |