Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: absorptioniw.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: mysterisop.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: snarlypagowo.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: treatynreit.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: chorusarorp.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: abnomalrkmu.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: soldiefieop.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: questionsmw.stor
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: chorusarorp.site
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: lid=%s&j=%s&ver=4.0
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: TeslaBrowser/5.5
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: - Screen Resoluton:
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: - Physical Installed Memory:
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: Workgroup: -
Source: 9.2.RegAsm.exe.400000.0.unpack | String decryptor: H8NgCl--
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, | 2_2_004080A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, | 2_2_00408048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, | 2_2_00411E5D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, | 2_2_0040A7D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C116C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, | 2_2_6C116C80
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.77.132:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.152.190:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.184.196:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.21.3:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.77.132:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.152.190:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.184.196:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.21.3:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.67.133.187:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: | Binary string: freebl3.pdb source: RegAsm.exe, 00000002.00000002.2367073275.00000000204D6000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.15.dr
Source: | Binary string: mozglue.pdbP source: RegAsm.exe, 00000002.00000002.2372826674.0000000026447000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2404569531.000000006C17D000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.2.dr
Source: | Binary string: freebl3.pdbp source: RegAsm.exe, 00000002.00000002.2367073275.00000000204D6000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, freebl3[1].dll.15.dr
Source: | Binary string: nss3.pdb@ source: RegAsm.exe, 00000002.00000002.2407833622.000000006C33F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2394990249.000000003E206000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.2.dr
Source: | Binary string: softokn3.pdb@ source: RegAsm.exe, 00000002.00000002.2382470007.0000000032328000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.15.dr, softokn3.dll.2.dr
Source: | Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000002.00000002.2391775169.0000000038294000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.2.dr, vcruntime140[1].dll.15.dr
Source: | Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000002.00000002.2378816613.000000002C3B4000.00000004.00000020.00020000.00000000.sdmp, msvcp140[1].dll.15.dr, msvcp140.dll.2.dr
Source: | Binary string: nss3.pdb source: RegAsm.exe, 00000002.00000002.2407833622.000000006C33F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.2394990249.000000003E206000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.2.dr
Source: | Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2348492649.000000001A0D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2366338106.0000000020048000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000C.00000002.2757991017.000000001FD6B000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001B.00000002.2603682116.000000002270B000.00000002.00001000.00020000.00000000.sdmp
Source: | Binary string: mozglue.pdb source: RegAsm.exe, 00000002.00000002.2372826674.0000000026447000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2404569531.000000006C17D000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.2.dr
Source: | Binary string: softokn3.pdb source: RegAsm.exe, 00000002.00000002.2382470007.0000000032328000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.15.dr, softokn3.dll.2.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, | 2_2_0041543D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose, | 2_2_00414CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 2_2_00409D1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, | 2_2_0040D5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, | 2_2_0040B5DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, | 2_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, | 2_2_0040BF4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, | 2_2_00415FD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, | 2_2_0040B93F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, | 2_2_00415B0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, | 2_2_0040CD37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr fs:[00000030h] | 2_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [ebp-04h], eax | 2_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h | 9_2_00444040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp+08h], ecx | 9_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 9_2_0041B000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], dx | 9_2_004210D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 9_2_0041508C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp+50h], 00000000h | 9_2_0041508C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h | 9_2_004480A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 9_2_004300B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_00429140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+00000688h] | 9_2_0041D1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h | 9_2_0041F1D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 9_2_0044518B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp+18h], 3602043Ah | 9_2_0042F1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 9_2_00427250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 9_2_00427250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx esi, byte ptr [edx+eax-01h] | 9_2_0040C210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh] | 9_2_0040C210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp+34h], edx | 9_2_004012F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [edx], ax | 9_2_0042A280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 9_2_00414294
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_0042D295
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+24h] | 9_2_0042D295
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+20h] | 9_2_00416319
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00433335
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00433335
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then dec ebx | 9_2_0043F3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ecx, word ptr [edi] | 9_2_0042A3A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+14h] | 9_2_0042A3A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], dx | 9_2_004214D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_0042D4D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+24h] | 9_2_0042D4D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h | 9_2_0043F4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh | 9_2_0043F4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], dx | 9_2_004214EA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 9_2_00416574
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+24h] | 9_2_0042C510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], al | 9_2_00431670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+000000D0h] | 9_2_0041D672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh | 9_2_00447630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp al, 2Eh | 9_2_0042C6E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_0042C6E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, eax | 9_2_0040A680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebp, eax | 9_2_0040A680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 9_2_004416A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+000000D0h] | 9_2_0041D733
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 9_2_00416866
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+68h] | 9_2_00447820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 9_2_0042B830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then xor eax, eax | 9_2_0042B830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 9_2_0042A8A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-000000C0h] | 9_2_0040F917
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+08h] | 9_2_00412920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 9_2_00412920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00412920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp dword ptr [00451A70h] | 9_2_0042E927
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 9_2_0043B9F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+24h] | 9_2_0042DA0A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 9_2_00449A10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h | 9_2_0042DB4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 9_2_00404B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h | 9_2_00443B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp dword ptr [0045042Ch] | 9_2_0041FB73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 9_2_00446BE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov esi, ebx | 9_2_00448BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00433BFE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00433BFE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 9_2_00449BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+54h] | 9_2_0041FBB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 9_2_00420C4C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 9_2_00446C5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 9_2_00405C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 9_2_0040FC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h | 9_2_00444C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h | 9_2_00427D03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h | 9_2_00449D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh | 9_2_00449D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp eax, C0000004h | 9_2_0041DDFF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_00443DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_0042EE40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 9_2_00415E11
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, byte ptr [ebx+edx-06h] | 9_2_00406E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx esi, byte ptr [edx+ebp] | 9_2_00406E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov esi, ebx | 9_2_00448F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 9_2_0040DFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+10h] | 9_2_0040DFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 9_2_00426FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00433F92
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ebx], al | 9_2_00433F92
Source: Network traffic | Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49775 -> 46.8.231.109:80
Source: Network traffic | Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.4:49777 -> 45.132.206.251:80
Source: Network traffic | Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49775 -> 46.8.231.109:80
Source: Network traffic | Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.4:49775
Source: Network traffic | Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49775 -> 46.8.231.109:80
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.4:49775
Source: Network traffic | Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49775 -> 46.8.231.109:80
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49744
Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49742 -> 49.12.197.9:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49743
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49779 -> 104.21.16.12:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49767 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49779 -> 104.21.16.12:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49767 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49776 -> 104.21.17.174:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49786 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49786 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49776 -> 104.21.17.174:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49770 -> 172.67.184.196:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49792 -> 104.21.21.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49770 -> 172.67.184.196:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49772 -> 104.21.18.193:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49798 -> 104.21.16.12:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49792 -> 104.21.21.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49772 -> 104.21.18.193:443
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49795
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49798 -> 104.21.16.12:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49791 -> 104.21.18.193:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49791 -> 104.21.18.193:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49766 -> 104.21.77.132:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49784 -> 104.21.77.132:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49784 -> 104.21.77.132:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49787 -> 172.67.152.190:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49787 -> 172.67.152.190:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49766 -> 104.21.77.132:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49793
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49794 -> 104.21.17.174:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49794 -> 104.21.17.174:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49774 -> 104.21.21.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49774 -> 104.21.21.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49789 -> 172.67.184.196:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49789 -> 172.67.184.196:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49806
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49807
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49769 -> 172.67.152.190:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49769 -> 172.67.152.190:443