Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
0_2_001EE020 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edi, dword ptr [esp+38h] |
0_2_001E8070 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
0_2_001DC080 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push 2CCA4B49h |
0_2_001CC144 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esi+ecx-43CF5BD5h] |
0_2_001F02BA |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 87573896h |
0_2_002042E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
0_2_001EA3A5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [ebx+eax], 00000000h |
0_2_001DC3E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 03BA5404h |
0_2_001FE4F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov byte ptr [edi], cl |
0_2_001EE56A |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
0_2_001FE650 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
0_2_001DC673 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edi, ecx |
0_2_001CE672 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_001DE6E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp eax |
0_2_001CE7A8 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push esi |
0_2_001EA813 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
0_2_001F0892 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
0_2_001F0892 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+esi*8], 62429966h |
0_2_001FE9A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
0_2_001EC9F2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
0_2_001C4A90 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp dword ptr [0044EF6Ch] |
0_2_001EAAD8 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ecx+edi*8], FFFF4170h |
0_2_00204B30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
0_2_001EAB28 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+eax-2D586584h] |
0_2_001FABBD |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+312BE668h] |
0_2_001FEBC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 7B3AFDABh |
0_2_001FEBC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
0_2_001FCD00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+eax-0000008Dh] |
0_2_001CAD60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 53F09CFAh |
0_2_001DCE13 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
0_2_001DCE13 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
0_2_001DCE13 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edx+ecx*8], C59B8BCBh |
0_2_00204E00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebp, word ptr [eax] |
0_2_00204E00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then lea eax, dword ptr [esp+48h] |
0_2_001E8E5D |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov esi, dword ptr [esp+18h] |
0_2_001BEF00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+ecx-1Eh] |
0_2_001CCFC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push eax |
0_2_00200FD0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 731CDBF3h |
0_2_001FEFE0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5715E8D1h] |
0_2_001FEFE0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_001ED1F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_001E31E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov ecx, ebx |
0_2_001E31E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [edi+eax-17h] |
0_2_001E31E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
0_2_001E5250 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
0_2_001E9400 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], C85F7986h |
0_2_001E9400 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-3643ABD5h] |
0_2_001EB430 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edx, ecx |
0_2_001E7490 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
0_2_001C35F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp eax |
0_2_002017E4 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+eax+14h] |
0_2_001CB7C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+ebx+04h] |
0_2_001CB7C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax-73239D8Bh] |
0_2_001E97F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_001F77F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
0_2_001ED800 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx] |
0_2_001CD843 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [ebp+esi-1Eh] |
0_2_002018B5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov eax, ebx |
0_2_001CD8F6 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h |
0_2_001DFA3E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
0_2_00203B77 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
0_2_00203EC4 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
0_2_001EBF45 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then lea edi, dword ptr [esp+04h] |
0_2_001EBF45 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_001EBFD7 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [esi], cx |
0_2_001DFFF7 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp edi |
0_2_00201FD2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp eax |
3_2_004438E4 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [ebp+esi-1Eh] |
3_2_004439B5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+eax-2D586584h] |
3_2_0043CCC5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp edi |
3_2_00443D4F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+eax-0000008Dh] |
3_2_0040CE60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
3_2_0042E049 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then lea edi, dword ptr [esp+04h] |
3_2_0042E049 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov esi, dword ptr [esp+18h] |
3_2_00401000 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+ecx-1Eh] |
3_2_0040F0C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push eax |
3_2_004430D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], cx |
3_2_0042E0D7 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 731CDBF3h |
3_2_004410E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5715E8D1h] |
3_2_004410E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esi+ecx-43CF5BD5h] |
3_2_004320A3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
3_2_00430120 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov byte ptr [edi], cl |
3_2_00430120 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
3_2_0041E180 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push 2CCA4B49h |
3_2_0040E244 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], dx |
3_2_004252E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov ecx, ebx |
3_2_004252E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [edi+eax-17h] |
3_2_004252E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_0042C2EE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
3_2_0042F2F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_004452A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_004452A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
3_2_00427350 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edx, ecx |
3_2_00429370 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edi, dword ptr [esp+38h] |
3_2_00429370 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 87573896h |
3_2_004463E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_004453F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_004453F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [ebx+eax], 00000000h |
3_2_0041E4E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
3_2_0042B500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], C85F7986h |
3_2_0042B500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edx, ecx |
3_2_00429500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-3643ABD5h] |
3_2_0042D530 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 03BA5404h |
3_2_004405F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_004455B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_004455B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_0041E670 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
3_2_004056F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
3_2_00440750 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov edi, ecx |
3_2_00410772 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_00445700 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_00445700 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
3_2_0042E7C2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov word ptr [eax], cx |
3_2_004207E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_004457F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_004457F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx] |
3_2_0040F819 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then mov eax, ebx |
3_2_0040F819 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+eax+14h] |
3_2_0040D8C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+ebx+04h] |
3_2_0040D8C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax-73239D8Bh] |
3_2_0042B8F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
3_2_004398F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp eax |
3_2_004108A8 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
3_2_0042F900 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then push esi |
3_2_0042C913 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
3_2_00432992 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
3_2_00432992 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h |
3_2_00421A60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ebx+esi*8], 62429966h |
3_2_00440AA0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
3_2_00445B20 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_00445B20 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp dword ptr [0044EF6Ch] |
3_2_0042CBDC |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
3_2_00406B90 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
3_2_0042CC28 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [ecx+edi*8], FFFF4170h |
3_2_00446C30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+312BE668h] |
3_2_00440CC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 7B3AFDABh |
3_2_00440CC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then lea eax, dword ptr [esp+48h] |
3_2_0042AD00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then jmp ecx |
3_2_00445E70 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
3_2_0043EE00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 53F09CFAh |
3_2_0041EE2E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
3_2_0041EE2E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
3_2_0041EE2E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then cmp dword ptr [edx+ecx*8], C59B8BCBh |
3_2_00446F00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 4x nop then movzx ebp, word ptr [eax] |
3_2_00446F00 |
Source: Network traffic |
Suricata IDS: 2056572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (widdensmoywi .sbs) : 192.168.2.6:55988 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056566 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) : 192.168.2.6:50381 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) : 192.168.2.6:53786 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056564 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) : 192.168.2.6:50222 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056570 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) : 192.168.2.6:64493 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056573 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (widdensmoywi .sbs in TLS SNI) : 192.168.2.6:49710 -> 104.21.8.37:443 |
Source: Network traffic |
Suricata IDS: 2056567 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) : 192.168.2.6:49715 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2056560 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) : 192.168.2.6:63149 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056562 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) : 192.168.2.6:51843 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056558 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) : 192.168.2.6:58354 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056565 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) : 192.168.2.6:49718 -> 172.67.205.156:443 |
Source: Network traffic |
Suricata IDS: 2056559 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) : 192.168.2.6:49732 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2056571 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) : 192.168.2.6:49713 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056556 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) : 192.168.2.6:50135 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056561 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) : 192.168.2.6:49721 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2056563 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) : 192.168.2.6:49720 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2056557 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) : 192.168.2.6:49738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49710 -> 104.21.8.37:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 104.21.8.37:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49715 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49715 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49720 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49720 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 172.67.205.156:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 172.67.205.156:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49721 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49721 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49744 -> 104.102.49.254:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49738 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49755 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49755 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49761 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49732 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49732 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49761 -> 172.67.206.204:443 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: Amcache.hve.6.dr |
String found in binary or memory: http://upx.sf.net |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/ |
Source: Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/api |
Source: Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/apis |
Source: Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/piP |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/ |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/1w#U |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/api |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/api%U |
Source: Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/apibs- |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/ |
Source: Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/api |
Source: Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/api4 |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/ |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/1w#U |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/api |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/api%U |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/api( |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/v |
Source: Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs:443/apii |
Source: Loader.exe, 00000003.00000002.2304373806.0000000000D07000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ |
Source: Loader.exe, 00000003.00000002.2304373806.0000000000D46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2249637998.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: Loader.exe, 00000003.00000002.2304373806.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://widdensmoywi.sbs/api |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: Loader.exe, 00000003.00000003.2249637998.0000000000DE9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001EE020 |
0_2_001EE020 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001FA1A0 |
0_2_001FA1A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C6220 |
0_2_001C6220 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00202360 |
0_2_00202360 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001DA496 |
0_2_001DA496 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D8496 |
0_2_001D8496 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C84A0 |
0_2_001C84A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_0019C62E |
0_2_0019C62E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001DE6E0 |
0_2_001DE6E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00202770 |
0_2_00202770 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F0892 |
0_2_001F0892 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D4882 |
0_2_001D4882 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00204890 |
0_2_00204890 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F4990 |
0_2_001F4990 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001ECA95 |
0_2_001ECA95 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00204B30 |
0_2_00204B30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E0B00 |
0_2_001E0B00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C8B60 |
0_2_001C8B60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F4C00 |
0_2_001F4C00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00202C60 |
0_2_00202C60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CCC40 |
0_2_001CCC40 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C4DD0 |
0_2_001C4DD0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00204E00 |
0_2_00204E00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C2E50 |
0_2_001C2E50 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00196E6F |
0_2_00196E6F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D6F0F |
0_2_001D6F0F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BEF00 |
0_2_001BEF00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001EEFD9 |
0_2_001EEFD9 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CCFC0 |
0_2_001CCFC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D2FC0 |
0_2_001D2FC0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C8FF0 |
0_2_001C8FF0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001FEFE0 |
0_2_001FEFE0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CF000 |
0_2_001CF000 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001A9074 |
0_2_001A9074 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_002050F0 |
0_2_002050F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CF1A3 |
0_2_001CF1A3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F31D0 |
0_2_001F31D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BF1F3 |
0_2_001BF1F3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E31E2 |
0_2_001E31E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001EB227 |
0_2_001EB227 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BF24E |
0_2_001BF24E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D3397 |
0_2_001D3397 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CB3D0 |
0_2_001CB3D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E1410 |
0_2_001E1410 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E9400 |
0_2_001E9400 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F3400 |
0_2_001F3400 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BF437 |
0_2_001BF437 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BF4B1 |
0_2_001BF4B1 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E54B0 |
0_2_001E54B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001BF502 |
0_2_001BF502 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001EF5CE |
0_2_001EF5CE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C1670 |
0_2_001C1670 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001AD7A5 |
0_2_001AD7A5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C57D0 |
0_2_001C57D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CB7C0 |
0_2_001CB7C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001ED800 |
0_2_001ED800 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F9870 |
0_2_001F9870 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C78F6 |
0_2_001C78F6 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D99AE |
0_2_001D99AE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001DFA3E |
0_2_001DFA3E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001F9AD0 |
0_2_001F9AD0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_0019FB00 |
0_2_0019FB00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C9B00 |
0_2_001C9B00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001E1B30 |
0_2_001E1B30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00203B77 |
0_2_00203B77 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001CFB6A |
0_2_001CFB6A |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001D9C73 |
0_2_001D9C73 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00191CD2 |
0_2_00191CD2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00201E21 |
0_2_00201E21 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001ABE21 |
0_2_001ABE21 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_00191F1A |
0_2_00191F1A |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001A3F53 |
0_2_001A3F53 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 0_2_001C7FE0 |
0_2_001C7FE0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_001A9074 |
2_2_001A9074 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_0019FB00 |
2_2_0019FB00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_00191CD2 |
2_2_00191CD2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_0019C62E |
2_2_0019C62E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_001ABE21 |
2_2_001ABE21 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_00196E6F |
2_2_00196E6F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_00191F1A |
2_2_00191F1A |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_001A3F53 |
2_2_001A3F53 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 2_2_001AD7A5 |
2_2_001AD7A5 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004112A3 |
3_2_004112A3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00443D4F |
3_2_00443D4F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00401000 |
3_2_00401000 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041900F |
3_2_0041900F |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040F0C0 |
3_2_0040F0C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004150C0 |
3_2_004150C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040A0E0 |
3_2_0040A0E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004410E0 |
3_2_004410E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040B0F0 |
3_2_0040B0F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004320A3 |
3_2_004320A3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00411100 |
3_2_00411100 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00430120 |
3_2_00430120 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004471F0 |
3_2_004471F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00420233 |
3_2_00420233 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004352D0 |
3_2_004352D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004252E2 |
3_2_004252E2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042C2EE |
3_2_0042C2EE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004012F3 |
3_2_004012F3 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0043C2A0 |
3_2_0043C2A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004452A0 |
3_2_004452A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004122B0 |
3_2_004122B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040134E |
3_2_0040134E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00429370 |
3_2_00429370 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00408320 |
3_2_00408320 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042D327 |
3_2_0042D327 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004453F0 |
3_2_004453F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00444460 |
3_2_00444460 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040D4D0 |
3_2_0040D4D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00415497 |
3_2_00415497 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042B500 |
3_2_0042B500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00429500 |
3_2_00429500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00435500 |
3_2_00435500 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00423510 |
3_2_00423510 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042D530 |
3_2_0042D530 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041A596 |
3_2_0041A596 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041C596 |
3_2_0041C596 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040A5A0 |
3_2_0040A5A0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004275B0 |
3_2_004275B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004455B0 |
3_2_004455B0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00401602 |
3_2_00401602 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004316CE |
3_2_004316CE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00403770 |
3_2_00403770 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00428770 |
3_2_00428770 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00445700 |
3_2_00445700 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042E7C2 |
3_2_0042E7C2 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004207E0 |
3_2_004207E0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004457F0 |
3_2_004457F0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00444870 |
3_2_00444870 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040F819 |
3_2_0040F819 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040D8C0 |
3_2_0040D8C0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_004078D0 |
3_2_004078D0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042C8DA |
3_2_0042C8DA |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0043B970 |
3_2_0043B970 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042F900 |
3_2_0042F900 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042C931 |
3_2_0042C931 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00416982 |
3_2_00416982 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00432992 |
3_2_00432992 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00446990 |
3_2_00446990 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00421A60 |
3_2_00421A60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041FAC9 |
3_2_0041FAC9 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042BAF1 |
3_2_0042BAF1 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00436A90 |
3_2_00436A90 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041BAAE |
3_2_0041BAAE |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00445B20 |
3_2_00445B20 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0043BBD0 |
3_2_0043BBD0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00411C5B |
3_2_00411C5B |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040AC60 |
3_2_0040AC60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00427C6E |
3_2_00427C6E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040BC00 |
3_2_0040BC00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00422C00 |
3_2_00422C00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0043CC17 |
3_2_0043CC17 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00423C30 |
3_2_00423C30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00446C30 |
3_2_00446C30 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0040ED40 |
3_2_0040ED40 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00444D60 |
3_2_00444D60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00408D70 |
3_2_00408D70 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041BD73 |
3_2_0041BD73 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0042AD00 |
3_2_0042AD00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00436D00 |
3_2_00436D00 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00404E60 |
3_2_00404E60 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_0041EE2E |
3_2_0041EE2E |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00406ED0 |
3_2_00406ED0 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: 3_2_00446F00 |
3_2_00446F00 |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Loader.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.6.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.6.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20 |
Source: Loader.exe, 00000003.00000002.2304373806.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178667434.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2188377647.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2169209036.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000002.2304373806.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2178802585.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000003.00000003.2168816833.0000000000D4C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.6.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.6.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.6.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.6.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.6.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_001AC370 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
0_2_001AC612 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
0_2_001AC65D |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
0_2_001AC6F8 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_001AC783 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
0_2_001AC9D6 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_001ACAFF |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
0_2_001ACC05 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_001ACCD4 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
0_2_001A3366 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
0_2_001A3810 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
2_2_001A3810 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
2_2_001AC9D6 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
2_2_001ACAFF |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
2_2_001AC370 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
2_2_001A3366 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW, |
2_2_001ACC05 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
2_2_001ACCD4 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
2_2_001AC612 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
2_2_001AC65D |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: EnumSystemLocalesW, |
2_2_001AC6F8 |
Source: C:\Users\user\Desktop\Loader.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
2_2_001AC783 |