Source: unknown |
TCP traffic detected without corresponding DNS query: 193.233.132.114 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: file.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: RegAsm.exe, 00000003.00000002.4432037551.00000000015C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.adobe.c0/exi |
Source: RegAsm.exe, 00000003.00000002.4432037551.00000000015C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.axif/1. |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Amcache.hve.7.dr |
String found in binary or memory: http://upx.sf.net |
Source: file.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: RegAsm.exe, 00000003.00000002.4427925091.000000000050D000.00000002.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/ |
Source: RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.165.48.43 |
Source: RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.165.48.43c# |
Source: RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=102.165.48.43 |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegAsm.exe, 00000003.00000002.4431042831.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ |
Source: RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: RegAsm.exe, 00000003.00000002.4427925091.000000000050D000.00000002.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: RegAsm.exe, 00000003.00000002.4431042831.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43 |
Source: RegAsm.exe, 00000003.00000002.4431042831.00000000013E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/102.165.48.43 |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.4431042831.000000000138A000.00000004.00000020.00020000.00000000.sdmp, yxO4w5Hk0r4xrYhuxKTloSg.zip.3.dr |
String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTu |
Source: RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.3.dr |
String found in binary or memory: https://t.me/risepro_bot |
Source: RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botackup |
Source: RegAsm.exe, 00000003.00000002.4431659242.000000000142C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botisepro_bot |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: xpwCRkLhlYosWeb Data.3.dr, wYKrzF2kZeIVWeb Data.3.dr, VMtGrcHgHTqQWeb Data.3.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegAsm.exe |
String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp, History.txt.3.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: RegAsm.exe, 00000003.00000002.4433314934.0000000003B46000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.3.dr, D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/OL |
Source: D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RegAsm.exe, 00000003.00000002.4433314934.0000000003B46000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.3.dr, D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp, History.txt.3.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: RegAsm.exe, 00000003.00000002.4433314934.0000000003B46000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.3.dr, D87fZN3R3jFeplaces.sqlite.3.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RegAsm.exe, 00000003.00000002.4431687850.0000000001447000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/irefox |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_039F32B0 __aulldiv,__aulldiv,__aulldiv,send,__aulldiv,__aulldiv,__aulldiv,send,ExitProcess,__aulldiv,__aulldiv,__aulldiv,send,__aulldiv,__aulldiv,__aulldiv,send,CreateThread,CloseHandle,lstrcatA,lstrcatA,CreateProcessA,lstrcatA,CreateProcessA,Sleep,SetThreadDesktop,OpenDesktopA,EnumDesktopWindows,CloseDesktop,CreateDesktopA,SetThreadDesktop,PostMessageA,PostMessageA,PostMessageA,WindowFromPoint,FindWindowA,GetWindowRect,PtInRect,PostMessageA,RealGetWindowClassA,lstrcmpA,SendMessageA,MenuItemFromPoint,GetMenuItemID,PostMessageA,PostMessageA,WindowFromPoint,SendMessageA,GetWindowLongA,SetWindowLongA,SendMessageA,PostMessageA,PostMessageA,GetWindowPlacement,PostMessageA,PostMessageA,WindowFromPoint,WindowFromPoint,WindowFromPoint,SendMessageA,GetWindowRect,MoveWindow,ScreenToClient,ChildWindowFromPoint,RealGetWindowClassA,RealGetWindowClassA,PostMessageA,PostMessageA,lstrcatA,lstrcatA,CreateProcessA,CreateProcessA,CreateProcessA,PostMessageA,GetCurrentThreadId,GetThreadDesktop,CreateThread,CloseHandle,send,shutdown,closesocket, |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpedit.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: activeds.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dssec.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dsuiext.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: adsldpc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: authz.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dsrole.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: logoncli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntdsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004641D9 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004645FC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00562A3E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0043CD3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00463320 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041B4D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00553F91 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00414090 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004643B6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004646E9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041F3B0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0046375F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00463A47 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00465B43 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\formhistory.sqlite |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\places.sqlite |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\signons.sqlite |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\logins.json |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\signons.sqlite |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |