Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: delaylacedmn.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: writekdmsnu.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: agentyanlark.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: bellykmrebk.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: underlinemdsj.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: commandejorsk.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: possiwreeste.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: famikyjdiag.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: possiwreeste.site |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: TeslaBrowser/5.5 |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: - Screen Resoluton: |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: - Physical Installed Memory: |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: Workgroup: - |
Source: 10.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_6C526C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
Source: Binary string: freebl3.pdb source: RegAsm.exe, 00000003.00000002.2624921125.00000000207B7000.00000004.00000020.00020000.00000000.sdmp |
Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000003.00000002.2662400593.000000006C58D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2628819471.0000000026721000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000012.00000002.3067781475.000000006C7C5000.00000002.00000001.01000000.00000009.sdmp |
Source: Binary string: freebl3.pdbp source: RegAsm.exe, 00000003.00000002.2624921125.00000000207B7000.00000004.00000020.00020000.00000000.sdmp |
Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000003.00000002.2652017449.000000003E4EB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2665362322.000000006C74F000.00000002.00000001.01000000.00000008.sdmp |
Source: Binary string: softokn3.pdb@ source: RegAsm.exe, 00000003.00000002.2645077224.000000003260A000.00000004.00000020.00020000.00000000.sdmp |
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000003.00000002.2649143006.0000000038576000.00000004.00000020.00020000.00000000.sdmp |
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000003.00000002.2640919241.000000002C69B000.00000004.00000020.00020000.00000000.sdmp |
Source: Binary string: nss3.pdb source: RegAsm.exe, 00000003.00000002.2652017449.000000003E4EB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2665362322.000000006C74F000.00000002.00000001.01000000.00000008.sdmp |
Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000003.00000002.2622122875.0000000020358000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2603031796.000000001A3EA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000E.00000002.2881426007.000000002264B000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001B.00000002.2787844428.00000000228AB000.00000002.00001000.00020000.00000000.sdmp |
Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000003.00000002.2662400593.000000006C58D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2628819471.0000000026721000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000012.00000002.3067781475.000000006C7C5000.00000002.00000001.01000000.00000009.sdmp |
Source: Binary string: softokn3.pdb source: RegAsm.exe, 00000003.00000002.2645077224.000000003260A000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
3_2_004014AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
3_2_004014AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp ecx |
10_2_0040F242 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-28h] |
10_2_0040F242 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [ecx+eax] |
10_2_0040F940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_0040F940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
10_2_004109FD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 2EE0190Fh |
10_2_00446C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 68677325h |
10_2_00446C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_00446C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_0040ED69 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea edx, dword ptr [eax+edi] |
10_2_0040FEA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
10_2_0040FEA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ecx, ebp |
10_2_00422063 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi+7Ch] |
10_2_00434060 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
10_2_00434060 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
10_2_00407070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+44h] |
10_2_0044716D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h |
10_2_00440118 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+44h] |
10_2_0044711B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi+7Ch] |
10_2_00434136 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
10_2_00434136 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
10_2_0042A1F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_0041518E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh |
10_2_00448190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esi+000004F0h] |
10_2_00433240 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
10_2_00433240 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
10_2_00433240 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [edi], al |
10_2_00433240 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000001B8h] |
10_2_0041325D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
10_2_00422260 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_004492C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_00425320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
10_2_0041B330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebx, eax |
10_2_0040A3F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebp, eax |
10_2_0040A3F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
10_2_00448390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov edi, ebx |
10_2_00430399 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_00449410 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh |
10_2_00444480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
10_2_004354A6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [esi], ax |
10_2_0041F552 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000110h] |
10_2_0041F552 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
10_2_00445580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 77A9E0C4h |
10_2_00440580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_00449580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
10_2_00422673 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
10_2_0044A610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_004296C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_004446C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
10_2_0042268A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_00449690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
10_2_004276A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] |
10_2_00408750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, edi |
10_2_0042F700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then shrd esi, edx, 00000001h |
10_2_00403710 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
10_2_00431720 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 77DD2217h |
10_2_00420729 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea eax, dword ptr [ebp+04h] |
10_2_004407E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_00449780 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
10_2_0044A7A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [esp+24h], DEC6D8DEh |
10_2_00430810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 3BABA5E0h |
10_2_00444960 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
10_2_00427900 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah |
10_2_0044A920 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_00449A40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
10_2_0040DA90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, edi |
10_2_0042FAA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
10_2_00404B60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
10_2_00444B60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp ecx |
10_2_00413B7C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+18h] |
10_2_0042DB00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov ecx, dword ptr [edi+eax] |
10_2_0042DB00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp di, 005Ch |
10_2_0041FB39 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+68h] |
10_2_0041FB39 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
10_2_0043BBB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
10_2_00448C40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
10_2_00405C20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
10_2_00422C90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
10_2_00441D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h |
10_2_0041DD55 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
10_2_00421DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
10_2_00421DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_00414D8D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
10_2_0040DE20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp eax |
10_2_0042CEC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov esi, eax |
10_2_00431ED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then movzx edi, word ptr [esi] |
10_2_00429EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
10_2_00421DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], dx |
10_2_00421DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
10_2_00428FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov word ptr [eax], cx |
10_2_00428FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000005A8h] |
10_2_00420F8A |
Source: Network traffic |
Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.6:49721 -> 5.42.101.62:80 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.42.101.62:80 -> 192.168.2.6:49721 |
Source: Network traffic |
Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.42.101.62:80 -> 192.168.2.6:49721 |
Source: Network traffic |
Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49727 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.6:49728 -> 45.132.206.251:80 |
Source: Network traffic |
Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49727 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.6:49727 |
Source: Network traffic |
Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49727 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.6:49727 |
Source: Network traffic |
Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49727 -> 46.8.231.109:80 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.42.101.62:80 -> 192.168.2.6:49736 |
Source: Network traffic |
Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.42.101.62:80 -> 192.168.2.6:49736 |
Source: Network traffic |
Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.42.101.62:80 -> 192.168.2.6:49742 |
Source: Network traffic |
Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.42.101.62:80 -> 192.168.2.6:49742 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49726 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49726 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49724 -> 104.21.1.169:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49724 -> 104.21.1.169:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49740 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49740 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49735 -> 172.67.205.129:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49735 -> 172.67.205.129:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49737 -> 172.67.205.129:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49737 -> 172.67.205.129:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49738 -> 104.21.1.169:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49738 -> 104.21.1.169:443 |