Windows Analysis Report
SoftWare.exe

Overview

General Information

Sample name: SoftWare.exe
Analysis ID: 1532891
MD5: 495601808baae79851b57369668830dd
SHA1: f5fdb29cfcb3425474f5e0e128c1f11d3288e5ce
SHA256: 0c90aff3de13a06790b2a690b4f5dcd00ab44e6ed4cb76a0b40829cff4d80471
Tags: exe, user-4k95m

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: 0.2.SoftWare.exe.2a0000.0.unpack Malware Configuration Extractor: LummaC {"C2 url": ["ehticsprocw.sbs", "allocatinow.sbs", "drawwyobstacw.sbs", "resinedyw.sbs", "mathcucom.sbs", "vennurviot.sbs", "widdensmoywi.sbs", "condifendteu.sbs", "enlargkiw.sbs"], "Build id": "yau6Na--1285025705"}
Source: condifendteu.sbs Virustotal: Detection: 17% Perma Link
Source: vennurviot.sbs Virustotal: Detection: 17% Perma Link
Source: drawwyobstacw.sbs Virustotal: Detection: 17% Perma Link
Source: mathcucom.sbs Virustotal: Detection: 20% Perma Link
Source: ehticsprocw.sbs Virustotal: Detection: 15% Perma Link
Source: sergei-esenin.com Virustotal: Detection: 17% Perma Link
Source: resinedyw.sbs Virustotal: Detection: 17% Perma Link
Source: allocatinow.sbs Virustotal: Detection: 19% Perma Link
Source: widdensmoywi.sbs Virustotal: Detection: 11% Perma Link
Source: enlargkiw.sbs Virustotal: Detection: 17% Perma Link
Source: https://widdensmoywi.sbs/api Virustotal: Detection: 11% Perma Link
Source: https://vennurviot.sbs/api Virustotal: Detection: 17% Perma Link
Source: https://ehticsprocw.sbs/ Virustotal: Detection: 15% Perma Link
Source: https://sergei-esenin.com:443/api Virustotal: Detection: 18% Perma Link
Source: https://drawwyobstacw.sbs/api Virustotal: Detection: 17% Perma Link
Source: https://resinedyw.sbs/ Virustotal: Detection: 17% Perma Link
Source: https://sergei-esenin.com/apiD Virustotal: Detection: 16% Perma Link
Source: https://mathcucom.sbs/api Virustotal: Detection: 20% Perma Link
Source: https://resinedyw.sbs/api Virustotal: Detection: 17% Perma Link
Source: SoftWare.exe ReversingLabs: Detection: 42%
Source: SoftWare.exe Virustotal: Detection: 43% Perma Link
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.9% probability
Source: SoftWare.exe Joe Sandbox ML: detected
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: drawwyobstacw.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: condifendteu.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: ehticsprocw.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: vennurviot.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: resinedyw.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: enlargkiw.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: allocatinow.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: mathcucom.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: widdensmoywi.sbs
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000002.00000002.2277663568.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: yau6Na--1285025705
Source: SoftWare.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 172.67.156.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.205.156:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.173.224:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.79.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: SoftWare.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B7C3B FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_002B7C3B
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B7B87 FindFirstFileExW, 1_2_002B7B87

Networking

Source: Network traffic Suricata IDS: 2056568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) : 192.168.2.4:54416 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (widdensmoywi .sbs) : 192.168.2.4:61399 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056560 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) : 192.168.2.4:51215 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056570 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) : 192.168.2.4:54534 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056564 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) : 192.168.2.4:65407 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056562 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) : 192.168.2.4:59950 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056561 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) : 192.168.2.4:49744 -> 172.67.173.224:443
Source: Network traffic Suricata IDS: 2056573 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (widdensmoywi .sbs in TLS SNI) : 192.168.2.4:49733 -> 172.67.156.197:443
Source: Network traffic Suricata IDS: 2056567 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) : 192.168.2.4:49737 -> 104.21.33.249:443
Source: Network traffic Suricata IDS: 2056559 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) : 192.168.2.4:49745 -> 104.21.79.35:443
Source: Network traffic Suricata IDS: 2056571 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) : 192.168.2.4:49735 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2056563 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) : 192.168.2.4:49742 -> 172.67.140.193:443
Source: Network traffic Suricata IDS: 2056565 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) : 192.168.2.4:49740 -> 172.67.205.156:443
Source: Network traffic Suricata IDS: 2056558 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) : 192.168.2.4:61248 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056566 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) : 192.168.2.4:58864 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056557 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2056556 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) : 192.168.2.4:56986 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49747 -> 104.102.49.254:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49737 -> 104.21.33.249:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49737 -> 104.21.33.249:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49744 -> 172.67.173.224:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49750 -> 104.21.53.8:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49749 -> 104.21.53.8:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.156.197:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.156.197:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49735 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49744 -> 172.67.173.224:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49749 -> 104.21.53.8:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49745 -> 104.21.79.35:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49750 -> 104.21.53.8:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49740 -> 172.67.205.156:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49745 -> 104.21.79.35:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49742 -> 172.67.140.193:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49740 -> 172.67.205.156:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49742 -> 172.67.140.193:443
Source: Malware configuration extractor URLs: ehticsprocw.sbs
Source: Malware configuration extractor URLs: allocatinow.sbs
Source: Malware configuration extractor URLs: drawwyobstacw.sbs
Source: Malware configuration extractor URLs: resinedyw.sbs
Source: Malware configuration extractor URLs: mathcucom.sbs
Source: Malware configuration extractor URLs: vennurviot.sbs
Source: Malware configuration extractor URLs: widdensmoywi.sbs
Source: Malware configuration extractor URLs: condifendteu.sbs
Source: Malware configuration extractor URLs: enlargkiw.sbs
Source: Joe Sandbox View IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View IP Address: 104.21.33.249 104.21.33.249
Source: Joe Sandbox View IP Address: 172.67.173.224 172.67.173.224
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: widdensmoywi.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: mathcucom.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: enlargkiw.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: resinedyw.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: vennurviot.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: ehticsprocw.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: condifendteu.sbs
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: drawwyobstacw.sbs
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=eJkD7fdghkY3w75yfrMhybLOU1CqWngT3X8rRbNEPUI-1728875469-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 52
    Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: widdensmoywi.sbs
Source: global traffic DNS traffic detected: DNS query: mathcucom.sbs
Source: global traffic DNS traffic detected: DNS query: allocatinow.sbs
Source: global traffic DNS traffic detected: DNS query: enlargkiw.sbs
Source: global traffic DNS traffic detected: DNS query: resinedyw.sbs
Source: global traffic DNS traffic detected: DNS query: vennurviot.sbs
Source: global traffic DNS traffic detected: DNS query: ehticsprocw.sbs
Source: global traffic DNS traffic detected: DNS query: condifendteu.sbs
Source: global traffic DNS traffic detected: DNS query: drawwyobstacw.sbs
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: widdensmoywi.sbs
Source: SoftWare.exe String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: SoftWare.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SoftWare.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SoftWare.exe String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: SoftWare.exe String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: SoftWare.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SoftWare.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SoftWare.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SoftWare.exe String found in binary or memory: http://ocsp.digicert.com0
Source: SoftWare.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: SoftWare.exe String found in binary or memory: http://ocsp.entrust.net02
Source: SoftWare.exe String found in binary or memory: http://ocsp.entrust.net03
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.5.dr String found in binary or memory: http://upx.sf.net
Source: SoftWare.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: SoftWare.exe String found in binary or memory: http://www.entrust.net/rpa03
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstaticmmD
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.stea
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=eng
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ehticsprocw.sbs/
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ehticsprocw.sbs/api
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ehticsprocw.sbs/apiA
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ehticsprocw.sbs/piLV
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ehticsprocw.sbs/piTV
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowe
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://resinedyw.sbs/
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/apiD
Source: SoftWare.exe, 00000002.00000002.2277888784.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com:443/api
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/q
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/y
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882333613.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vennurviot.sbs/=m
Source: SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vennurviot.sbs/api
Source: SoftWare.exe, 00000002.00000002.2277888784.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://widdensmoywi.sbs/api
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882349252.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/learning/access-man
Source: SoftWare.exe String found in binary or memory: https://www.entrust.net/rpa0
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 172.67.156.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.205.156:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.173.224:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.79.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49750 version: TLS 1.2
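Every TLS session above goes to port 443 at an address inside Cloudflare's published prefixes except 104.102.49.254, so the server IPs are shared CDN edges and the usable indicator is the C2 hostname found in memory (https://widdensmoywi.sbs/api). The script below is an added example, not part of the Joe Sandbox report: it parses the report lines above, counts sessions per server, marks which servers are Cloudflare-fronted using Cloudflare's published IPv4 list embedded in the code, and emits a Suricata rule keyed on the TLS SNI. The vendor-domain allowlist and the rule sid are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# Cloudflare's published IPv4 prefixes (https://www.cloudflare.com/ips-v4), embedded so
# the script runs offline. Refresh them from that URL before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(p) for p in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Assumption: an analyst-maintained allowlist of vendor/infrastructure domains that
# show up in the sample's strings but are not C2.
KNOWN_BENIGN = {"cloudflare.com", "entrust.net", "valvesoftware.com"}

# Report lines copied from the section above (URL strings and the eleven TLS sessions).
REPORT_LINES = """\
Source: SoftWare.exe, 00000002.00000002.2277888784.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://widdensmoywi.sbs/api
Source: SoftWare.exe, 00000002.00000003.1882230031.0000000000D37000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: SoftWare.exe String found in binary or memory: https://www.entrust.net/rpa0
Source: SoftWare.exe, 00000002.00000003.1882206888.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: unknown HTTPS traffic detected: 172.67.156.197:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.205.156:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.173.224:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.79.35:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49750 version: TLS 1.2
"""

TLS_RE = re.compile(
    r"HTTPS traffic detected: (?P<sip>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<cip>[\d.]+):(?P<cport>\d+) version: (?P<ver>TLS [\d.]+)")
URL_RE = re.compile(r"String found in binary or memory: (?P<url>https?://\S+)")


def behind_cloudflare(ip: str) -> bool:
    """True when the server address falls inside a Cloudflare prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def is_benign_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in KNOWN_BENIGN)


def summarize(report: str) -> dict:
    """Count sessions per server IP, split servers by CDN fronting, and list URL
    hosts that are not on the allowlist as C2 candidates (in order of appearance)."""
    servers = Counter()
    for m in TLS_RE.finditer(report):
        servers[m["sip"]] += 1
    c2_hosts = []
    for m in URL_RE.finditer(report):
        host = urlparse(m["url"]).hostname or ""
        if host and not is_benign_host(host) and host not in c2_hosts:
            c2_hosts.append(host)
    fronted = {ip for ip in servers if behind_cloudflare(ip)}
    return {"servers": servers, "cloudflare_fronted": fronted,
            "direct": set(servers) - fronted, "c2_hosts": c2_hosts}


def suricata_sni_rule(domain: str, sid: int) -> str:
    """Alert on the C2 domain in the ClientHello SNI; blocking the shared
    Cloudflare edge IPs would also block every other tenant behind them."""
    return (f'alert tls $HOME_NET any -> $EXTERNAL_NET 443 '
            f'(msg:"LummaC C2 SNI {domain}"; tls.sni; content:"{domain}"; '
            f'nocase; endswith; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    r = summarize(REPORT_LINES)
    for ip, n in r["servers"].most_common():
        print(f"{ip:16} sessions={n} cloudflare={ip in r['cloudflare_fronted']}")
    for host in r["c2_hosts"]:
        print(suricata_sni_rule(host, 1000001))
```

The split matters for response: eight of the nine servers are Cloudflare edges that the stealer shares with legitimate sites, so the IP list is only useful for correlating sessions in proxy logs, while the SNI rule (or a DNS block on the .sbs domain) is what actually stops the C2 channel.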
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00434BE0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 2_2_00434BE0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00434D70 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 2_2_00434D70
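The two call chains above are the minimum a stealer needs to read the clipboard (OpenClipboard, GetClipboardData, GlobalLock, CloseClipboard) and to grab the screen with GDI (GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt); the calls in between (GetWindowLongW, GetSystemMetrics, GetObjectW) are setup noise that a signature must tolerate. An order-preserving subsequence match over the report's "Code function" lines turns the chains into reusable behavioural signatures. The script below is an added example, not part of the report or of Joe Sandbox's own rule set; the two signature patterns and the two decoy lines (a plain DC acquire/release and a clipboard write) are constructed for it.

```python
import re

# Ordered API subsequences for two stealer capabilities. These patterns are an
# assumption written for this example: each lists the calls a program cannot
# avoid when doing the job, in the order the Win32 API forces.
SIGNATURES = {
    "clipboard_read": ("OpenClipboard", "GetClipboardData", "GlobalLock", "CloseClipboard"),
    "screen_capture": ("GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
                       "SelectObject", "BitBlt"),
}

# "Code function: <proc>_<run>_<addr> <call>,<call>,... <proc>_<run>_<addr>"
CODE_FUNC_RE = re.compile(r"Code function: (?P<fn>\d+_\d+_[0-9A-Fa-f]+) (?P<calls>(?:\w+,)+)")

# First two lines are copied from the report; the last two are constructed decoys
# (a DC acquire/release and a clipboard *write*) that must not match.
SAMPLE_LINES = r"""
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00434BE0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 2_2_00434BE0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00434D70 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 2_2_00434D70
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00401000 GetDC,GetDeviceCaps,ReleaseDC, 2_2_00401000
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00401100 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 2_2_00401100
"""


def parse_code_function(line: str):
    """Return (function id, [api calls]) for a 'Code function' line, else None."""
    m = CODE_FUNC_RE.search(line)
    if not m:
        return None
    calls = [c for c in m["calls"].split(",") if c]
    return m["fn"], calls


def is_subsequence(pattern, calls) -> bool:
    """Order-preserving match with gaps allowed, so interleaved unrelated calls
    do not break the signature; reordering the required calls does."""
    it = iter(calls)
    return all(any(c == want for c in it) for want in pattern)


def match_signatures(calls) -> set:
    return {name for name, pat in SIGNATURES.items() if is_subsequence(pat, calls)}


def scan(report: str) -> dict:
    """Map every 'Code function' entry in the report to the signatures it hits."""
    hits = {}
    for line in report.splitlines():
        parsed = parse_code_function(line)
        if parsed:
            fn, calls = parsed
            hits[fn] = match_signatures(calls)
    return hits


if __name__ == "__main__":
    for fn, names in scan(SAMPLE_LINES).items():
        print(fn, sorted(names) or "-")
```

Requiring GetClipboardData (not just OpenClipboard) keeps ordinary copy-to-clipboard code out of the clipboard_read hit, and requiring BitBlt after CreateCompatibleBitmap keeps a program that merely queries a device context out of screen_capture.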
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D6030 0_2_002D6030
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002AE190 0_2_002AE190
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CC215 0_2_002CC215
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CC268 0_2_002CC268
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002EC2A0 0_2_002EC2A0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F054E 0_2_002F054E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F2610 0_2_002F2610
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_00304760 0_2_00304760
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CE820 0_2_002CE820
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D2920 0_2_002D2920
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FA91B 0_2_002FA91B
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002EE910 0_2_002EE910
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FA911 0_2_002FA911
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F6A90 0_2_002F6A90
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D6B40 0_2_002D6B40
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F2C23 0_2_002F2C23
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002ECCB0 0_2_002ECCB0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F4CE0 0_2_002F4CE0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B2D9D 0_2_002B2D9D
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B6E51 0_2_002B6E51
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D4F00 0_2_002D4F00
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002F8F70 0_2_002F8F70
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FAFC8 0_2_002FAFC8
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030D100 0_2_0030D100
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030310E 0_2_0030310E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FB266 0_2_002FB266
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002AB25E 0_2_002AB25E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030F280 0_2_0030F280
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002ED3C0 0_2_002ED3C0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030F540 0_2_0030F540
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002BB551 0_2_002BB551
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030D620 0_2_0030D620
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FB668 0_2_002FB668
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_00309840 0_2_00309840
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030F840 0_2_0030F840
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D7890 0_2_002D7890
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A58F5 0_2_002A58F5
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_00303AA7 0_2_00303AA7
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A1AC2 0_2_002A1AC2
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_0030FB50 0_2_0030FB50
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D5BA0 0_2_002D5BA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FDBB0 0_2_002FDBB0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D9BE0 0_2_002D9BE0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_00305CA0 0_2_00305CA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A1D0A 0_2_002A1D0A
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FBDC7 0_2_002FBDC7
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D7DC0 0_2_002D7DC0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002FDDC0 0_2_002FDDC0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002E9E20 0_2_002E9E20
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002DFE4C 0_2_002DFE4C
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CFF30 0_2_002CFF30
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002D1F00 0_2_002D1F00
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CBF40 0_2_002CBF40
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002CFFCA 0_2_002CFFCA
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A58F5 1_2_002A58F5
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002AE190 1_2_002AE190
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002AB25E 1_2_002AB25E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A1AC2 1_2_002A1AC2
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B9BCD 1_2_002B9BCD
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A1D0A 1_2_002A1D0A
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002BB551 1_2_002BB551
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B2D9D 1_2_002B2D9D
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B6E51 1_2_002B6E51
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0043A429 2_2_0043A429
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0044162C 2_2_0044162C
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00410B70 2_2_00410B70
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040ECA0 2_2_0040ECA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0043AD60 2_2_0043AD60
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040CE80 2_2_0040CE80
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00411048 2_2_00411048
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00401000 2_2_00401000
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042E030 2_2_0042E030
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040B0F0 2_2_0040B0F0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00443090 2_2_00443090
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004421C0 2_2_004421C0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004381CE 2_2_004381CE
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004012D5 2_2_004012D5
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00444340 2_2_00444340
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00421360 2_2_00421360
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0041E323 2_2_0041E323
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00401328 2_2_00401328
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00429467 2_2_00429467
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00443430 2_2_00443430
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004264CB 2_2_004264CB
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00422480 2_2_00422480
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042B525 2_2_0042B525
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00444600 2_2_00444600
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042560E 2_2_0042560E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004276D0 2_2_004276D0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004426E0 2_2_004426E0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042A68D 2_2_0042A68D
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042F776 2_2_0042F776
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00430728 2_2_00430728
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042E850 2_2_0042E850
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00439820 2_2_00439820
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042C8D7 2_2_0042C8D7
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004098DE 2_2_004098DE
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004038E0 2_2_004038E0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040C950 2_2_0040C950
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0043E900 2_2_0043E900
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00444900 2_2_00444900
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004239D0 2_2_004239D0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004079E0 2_2_004079E0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0043A9E0 2_2_0043A9E0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042BB50 2_2_0042BB50
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00438B67 2_2_00438B67
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042AB6E 2_2_0042AB6E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00442B80 2_2_00442B80
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040AC60 2_2_0040AC60
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00432C70 2_2_00432C70
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0040BC00 2_2_0040BC00
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00444C10 2_2_00444C10
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00427CE3 2_2_00427CE3
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00409C8C 2_2_00409C8C
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0041DC9E 2_2_0041DC9E
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042CD60 2_2_0042CD60
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00421D70 2_2_00421D70
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00426D28 2_2_00426D28
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00408DC0 2_2_00408DC0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00429DA0 2_2_00429DA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0041EEE0 2_2_0041EEE0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00432E80 2_2_00432E80
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00430E87 2_2_00430E87
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00442EA0 2_2_00442EA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00414F0C 2_2_00414F0C
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00426F20 2_2_00426F20
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00406FC0 2_2_00406FC0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00409FC0 2_2_00409FC0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00430FD0 2_2_00430FD0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0042AFE3 2_2_0042AFE3
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00442F90 2_2_00442F90
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00404FA0 2_2_00404FA0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 0040C740 appears 62 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 002B1CFA appears 40 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 002A61F0 appears 104 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 0040DF80 appears 217 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 002AC1A5 appears 42 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 002D8EC0 appears 217 times
Source: C:\Users\user\Desktop\SoftWare.exe Code function: String function: 002D7680 appears 100 times
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 308
Source: SoftWare.exe Static PE information: invalid certificate
Source: SoftWare.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SoftWare.exe Static PE information: Section: .data ZLIB complexity 0.9908951192250373
Source: classification engine Classification label: mal100.troj.evad.winEXE@9/13@11/9
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0043A260 CoCreateInstance, 2_2_0043A260
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2032
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3452
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\ba35e7c1-66fe-4144-beb0-0fd26fb97b22 Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Command line argument: @1 1_2_002A1FEA
Source: SoftWare.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SoftWare.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SoftWare.exe ReversingLabs: Detection: 42%
Source: SoftWare.exe Virustotal: Detection: 43%
Source: C:\Users\user\Desktop\SoftWare.exe File read: C:\Users\user\Desktop\SoftWare.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe"
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe"
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe"
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 308
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 1652
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 1724
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 1656
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe" Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe" Jump to behavior
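The tree above shows SoftWare.exe launching its own image again with an identical command line, and WerFault.exe being started with -p 2032 and -p 3452, which names the processes that hit an unhandled exception during the run. Self-spawn followed by crashes in the spawned copies is the footprint of code being written into a fresh copy of the binary and not surviving in the sandbox. The script below is an added example, not part of the report: it builds a process tree from constructed creation events (PIDs 2032 and 3452 come from the WerFault arguments above; the parent PID 1900 and the parent-child-grandchild shape are assumptions), lists self-spawn pairs, and correlates each WerFault's -p argument back to the faulting process.

```python
import re
from collections import defaultdict

# Constructed process-creation events mirroring the report. Only PIDs 2032 and 3452
# are taken from the report (WerFault's -p argument); every other PID and the chain
# shape are assumptions for this example.
SOFTWARE = r"C:\Users\user\Desktop\SoftWare.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"
EVENTS = [
    {"pid": 1900, "ppid": 1200, "image": SOFTWARE, "cmdline": f'"{SOFTWARE}"'},
    {"pid": 2032, "ppid": 1900, "image": SOFTWARE, "cmdline": f'"{SOFTWARE}"'},
    {"pid": 3452, "ppid": 2032, "image": SOFTWARE, "cmdline": f'"{SOFTWARE}"'},
    {"pid": 4100, "ppid": 2032, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 2032 -s 308"},
    {"pid": 4120, "ppid": 3452, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 3452 -s 1652"},
    {"pid": 4140, "ppid": 3452, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 3452 -s 1724"},
    {"pid": 4160, "ppid": 3452, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 3452 -s 1656"},
]

# WerFault.exe -u -p <faulting pid> -s <handle>
WER_PID_RE = re.compile(r"\bWerFault\.exe\b.*\s-p\s+(\d+)", re.IGNORECASE)


def self_spawns(events):
    """(parent pid, child pid) pairs where a process launches its own image again,
    the usual prelude to writing a payload into a suspended copy of itself."""
    by_pid = {e["pid"]: e for e in events}
    pairs = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent and parent["image"].lower() == e["image"].lower():
            pairs.append((parent["pid"], e["pid"]))
    return pairs


def wer_crashes(events):
    """faulting pid -> list of WerFault pids that reported on it."""
    crashes = defaultdict(list)
    for e in events:
        m = WER_PID_RE.search(e["cmdline"])
        if m:
            crashes[int(m.group(1))].append(e["pid"])
    return dict(crashes)


def chain_length(pairs):
    """Number of processes in the longest parent->child->... self-spawn chain."""
    children = defaultdict(list)
    for p, c in pairs:
        children[p].append(c)

    def depth(pid):
        return 1 + max((depth(c) for c in children[pid]), default=0)

    roots = {p for p, _ in pairs} - {c for _, c in pairs}
    return max((depth(r) for r in roots), default=0)


def triage(events):
    """Findings: self-spawn chain plus every crash, tagged when the faulting
    process is one of the self-spawned copies."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    pairs = self_spawns(events)
    if pairs:
        findings.append(f"self-spawn chain of {chain_length(pairs)} processes: {pairs}")
    spawned = {c for _, c in pairs}
    for pid, reporters in wer_crashes(events).items():
        image = by_pid[pid]["image"] if pid in by_pid else "?"
        tag = " (self-spawned copy)" if pid in spawned else ""
        findings.append(f"pid {pid} ({image}) crashed {len(reporters)} time(s){tag}")
    return findings


if __name__ == "__main__":
    for line in triage(EVENTS):
        print(line)
```

On a real host the same two queries run over Sysmon event ID 1 (ProcessCreate) records; a benign relaunch (an installer elevating itself, an updater restarting the app) normally changes the command line or the image path, so an exact-path self-spawn that is immediately followed by WerFault reporting on the child is worth a detection on its own.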
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior (6 consecutive identical entries collapsed)
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: SoftWare.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SoftWare.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
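A ZLIB complexity of 0.99 for .data (reported a few lines up) means the section is essentially incompressible, which in a 32-bit executable carrying an invalid certificate points to an encrypted payload stored there; that is consistent with the code-function addresses in process 2 (0x0040xxxx) differing from those of processes 0 and 1. The script below is an added example, not Joe Sandbox's own code: it reproduces the metric as compressed size over raw size per section, flags sections that are both writable and executable, and reads the DllCharacteristics flags listed above (DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE). The 0.9 threshold, the minimal PE builder and the two sample sections are assumptions; the builder exists only so the example runs offline without the real sample.

```python
import random
import struct
import zlib

# IMAGE_SECTION_HEADER.Characteristics bits and IMAGE_OPTIONAL_HEADER.DllCharacteristics bits
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x8000: "TERMINAL_SERVER_AWARE"}
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
PACKED_THRESHOLD = 0.9         # assumption: above this a section is treated as packed/encrypted


def zlib_complexity(data: bytes) -> float:
    """Compressed size / raw size. Plain code compresses to a fraction of its
    size; encrypted or packed data stays close to (or above) 1.0."""
    return len(zlib.compress(data, 9)) / len(data) if data else 0.0


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24                          # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", pe, opt)   # 0x10B = PE32, 0x20B = PE32+
    dllchar, = struct.unpack_from("<H", pe, opt + 70)   # same offset in PE32 and PE32+
    table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, _vs, _va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "characteristics": chars, "zlib": zlib_complexity(raw)})
    return {"pe32plus": magic == 0x20B,
            "dllchar": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dllchar & bit],
            "sections": sections}


def analyse(pe: bytes) -> list:
    """Findings in the style of the report's static PE checks."""
    info = parse_pe(pe)
    findings = []
    for s in info["sections"]:
        if s["zlib"] > PACKED_THRESHOLD:
            findings.append(f"Section: {s['name']} ZLIB complexity {s['zlib']:.4f} (packed/encrypted payload likely)")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"Section: {s['name']} is W+X")
    for flag in ("DYNAMIC_BASE", "NX_COMPAT"):
        if flag not in info["dllchar"]:
            findings.append(f"Missing {flag}")
    return findings


def build_pe(sections, dllchar=0x8140) -> bytes:
    """Constructed minimal PE32 (scaffolding for the example, not a loadable binary):
    DOS header, COFF header, zeroed optional header with only Magic and
    DllCharacteristics set, section table, raw data on 0x200 boundaries."""
    opt_size, e_lfanew, file_align = 224, 0x40, 0x200
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    hdr += opt
    body = bytearray()
    for i, (name, data, chars) in enumerate(sections):
        padded = data.ljust(-(-len(data) // file_align) * file_align, b"\0")
        hdr += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), len(data), 0x1000 * (i + 1),
                           len(padded), file_align + len(body), 0, 0, 0, 0, chars)
        body += padded
    return bytes(hdr.ljust(file_align, b"\0") + body)


def build_sample() -> bytes:
    """Two sections: repetitive x86 prologue bytes, and a pseudo-random blob that
    stands in for an encrypted payload (fixed seed, so the ratios are stable)."""
    text = b"\x55\x8b\xec\x83\xec\x10\x90\x90" * 64
    rng = random.Random(0xC2)
    data = bytes(rng.getrandbits(8) for _ in range(0x600))
    return build_pe([
        (".text", text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (".data", data, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ])


if __name__ == "__main__":
    for s in parse_pe(build_sample())["sections"]:
        print(f"{s['name']:8} chars=0x{s['characteristics']:08X} zlib={s['zlib']:.4f}")
    print(analyse(build_sample()))
```

The same parse_pe works on the real sample once it is read from disk; the thing to remember is that a near-1.0 ratio on .data combined with DYNAMIC_BASE and NX_COMPAT being set (as here) says nothing about where the payload will execute, since the unpacker allocates its own RWX memory at run time rather than relying on a W+X section.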
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002E4222 push esp; retf 0_2_002E4225
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A570F push ecx; ret 0_2_002A5722
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A1F88 push eax; ret 0_2_002A1FE4
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A570F push ecx; ret 1_2_002A5722
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A1F88 push eax; ret 1_2_002A1FE4
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_0044906E push eax; ret 2_2_00449091
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00449092 push eax; ret 2_2_00449099
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004490A8 push eax; ret 2_2_004490A9
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004192E2 push esp; retf 2_2_004192E5
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_00446DF6 push esp; iretd 2_2_00446DF7
Source: C:\Users\user\Desktop\SoftWare.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\SoftWare.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior (46 consecutive identical entries collapsed)
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\SoftWare.exe API coverage: 5.2 %
Source: C:\Users\user\Desktop\SoftWare.exe TID: 4248 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SoftWare.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B7C3B FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_002B7C3B
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B7B87 FindFirstFileExW, 1_2_002B7B87
Source: Amcache.hve.5.dr Binary or memory string: VMware
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SoftWare.exe, 00000002.00000002.2277888784.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000002.2277888784.0000000000D56000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1842017775.0000000000D56000.00000004.00000020.00020000.00000000.sdmp, SoftWare.exe, 00000002.00000003.1882230031.0000000000D56000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SoftWare.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SoftWare.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 2_2_004407F0 LdrInitializeThunk, 2_2_004407F0
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002ABE0F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002ABE0F
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B2B19 mov eax, dword ptr fs:[00000030h] 0_2_002B2B19
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A1FEA mov edi, dword ptr fs:[00000030h] 0_2_002A1FEA
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002B2B5D mov eax, dword ptr fs:[00000030h] 0_2_002B2B5D
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002AF4C6 mov ecx, dword ptr fs:[00000030h] 0_2_002AF4C6
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B2B19 mov eax, dword ptr fs:[00000030h] 1_2_002B2B19
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002B2B5D mov eax, dword ptr fs:[00000030h] 1_2_002B2B5D
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002AF4C6 mov ecx, dword ptr fs:[00000030h] 1_2_002AF4C6
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A1FEA mov edi, dword ptr fs:[00000030h] 1_2_002A1FEA
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002BACE2 GetProcessHeap, 0_2_002BACE2
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A6120 SetUnhandledExceptionFilter, 0_2_002A6120
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A5C64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_002A5C64
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002ABE0F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002ABE0F
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A5F93 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002A5F93
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A6120 SetUnhandledExceptionFilter, 1_2_002A6120
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A5C64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_002A5C64
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002ABE0F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_002ABE0F
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 1_2_002A5F93 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_002A5F93

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SoftWare.exe Memory written: C:\Users\user\Desktop\SoftWare.exe base: 400000 value starts with: 4D5A
Source: SoftWare.exe String found in binary or memory: drawwyobstacw.sbs
Source: SoftWare.exe String found in binary or memory: condifendteu.sbs
Source: SoftWare.exe String found in binary or memory: ehticsprocw.sbs
Source: SoftWare.exe String found in binary or memory: vennurviot.sbs
Source: SoftWare.exe String found in binary or memory: resinedyw.sbs
Source: SoftWare.exe String found in binary or memory: enlargkiw.sbs
Source: SoftWare.exe String found in binary or memory: allocatinow.sbs
Source: SoftWare.exe String found in binary or memory: mathcucom.sbs
Source: SoftWare.exe String found in binary or memory: widdensmoywi.sbs
Source: C:\Users\user\Desktop\SoftWare.exe Process created: C:\Users\user\Desktop\SoftWare.exe "C:\Users\user\Desktop\SoftWare.exe"
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 0_2_002BA3BE
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 0_2_002BA409
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 0_2_002BA4A4
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_002BA52F
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 0_2_002BA782
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_002BA8AB
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 0_2_002BA9B1
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_002BAA80
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 0_2_002B1A66
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 0_2_002B1F50
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_002BA8AB
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 1_2_002BA11C
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 1_2_002BA9B1
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 1_2_002B1A66
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_002BAA80
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 1_2_002BA3BE
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 1_2_002BA409
Source: C:\Users\user\Desktop\SoftWare.exe Code function: EnumSystemLocalesW, 1_2_002BA4A4
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 1_2_002BA52F
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 1_2_002B1F50
Source: C:\Users\user\Desktop\SoftWare.exe Code function: GetLocaleInfoW, 1_2_002BA782
Source: C:\Users\user\Desktop\SoftWare.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SoftWare.exe Code function: 0_2_002A51AF GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime, 0_2_002A51AF
Source: C:\Users\user\Desktop\SoftWare.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR