Source: unknown | TCP traffic detected without corresponding DNS query: 188.166.166.142 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: Stealer.exe, 00000000.00000002.466624556.000000001A554000.00000004.00000020.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466707746.000000001BF1B000.00000004.00000020.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF43000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com |
Source: Stealer.exe, 00000000.00000002.466624556.000000001A554000.00000004.00000020.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/json |
Source: Stealer.exe, 00000000.00000002.466413641.00000000022D3000.00000004.00000800.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion/stld/4c9395d28d054ddebee26b2aa |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: Stealer.exe, 00000000.00000002.466624556.000000001A554000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.entrust.net03 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.entrust.net0D |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pastebin.com |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pastebin.comp |
Source: Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://t.me |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://t.mep |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn5.cdn-telegram.org/file/urI_EKpgc2j3bnVEG7hJPiftbxwqp29Csge9PUwai_V9SyHDH8vYkc30DN237hWwA |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: Stealer.exe | String found in binary or memory: https://github.com/L1ghtM4n/TorProxy/blob/main/LIB/Tor.zip?raw=true |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com |
Source: Stealer.exe, 00000000.00000002.466413641.00000000022D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/ |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/X2Ddjiv0 |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/X2Ddjiv0p |
Source: Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/cription |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: Stealer.exe, 00000000.00000002.466624556.000000001A554000.00000004.00000020.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466707746.000000001BF1B000.00000004.00000020.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466707746.000000001BF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: Stealer.exe, 00000000.00000002.466413641.00000000022D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://t.me |
Source: Stealer.exe, 00000000.00000002.466413641.00000000023CE000.00000004.00000800.00020000.00000000.sdmp, Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://t.me/tor_proxies |
Source: Stealer.exe, 00000000.00000002.466413641.00000000022D3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://t.me/tor_proxiesp |
Source: Stealer.exe, 00000000.00000002.466413641.00000000021B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.org |
Source: Stealer.exe, 00000000.00000002.466413641.000000000227C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/favicon.ico |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: bcrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: credssp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: rpcrtremote.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: wbemcomn2.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: ntdsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\cmd.exe | Section loaded: winbrand.dll | Jump to behavior |
Source: C:\Windows\System32\chcp.com | Section loaded: ulib.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: credui.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: odbc32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpqec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: qutil.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ws2help.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: bcrypt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nci.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: devrtl.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: napmontr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: certcli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: logoncli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nettrace.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ndfapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wdi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wcnnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlanutil.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2pcollab.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlanhlp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rpcrtremote.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\PING.EXE | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\PING.EXE | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\PING.EXE | Section loaded: cryptbase.dll | Jump to behavior |
Source: unknown | Process created: C:\Users\user\Desktop\Stealer.exe "C:\Users\user\Desktop\Stealer.exe" | |
Source: C:\Users\user\Desktop\Stealer.exe | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\findstr.exe findstr All | |
Source: C:\Users\user\Desktop\Stealer.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Users\user\Desktop\Stealer.exe" | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping 127.0.0.1 | |
Source: C:\Users\user\Desktop\Stealer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\CURQNKVOIX | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\JSDNGYCOWY | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\Outlook Files | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\SFPUSAFIOL | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\WKXEWIOTXI | Jump to behavior |
Source: C:\Users\user\Desktop\Stealer.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |