Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3321882179.0000000001195000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3324031872.000000000611C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3321882179.0000000001195000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3324031872.000000000611C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3321882179.0000000001195000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3324031872.000000000611C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegAsm.exe, 00000003.00000002.3322261762.0000000002DCC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.temikan.com.tr |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322028135.0000000001234000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0B |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322028135.0000000001234000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000003.00000002.3322261762.0000000002D51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegAsm.exe, 00000003.00000002.3322261762.0000000002DCC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://temikan.com.tr |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegAsm.exe, 00000003.00000002.3324031872.0000000006090000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe, RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe, 00000001.00000002.2067325321.0000000000BCC000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000003.00000002.3321463370.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/ |
Source: RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe, RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe, 00000001.00000002.2067325321.0000000000BCC000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000003.00000002.3322261762.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.3321463370.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org |
Source: RegAsm.exe, 00000003.00000002.3322261762.0000000002D51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/ |
Source: RegAsm.exe, 00000003.00000002.3322261762.0000000002D51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BBB99B | 1_2_00BBB99B |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BAF1C0 | 1_2_00BAF1C0 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BAB922 | 1_2_00BAB922 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BB4902 | 1_2_00BB4902 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BBD200 | 1_2_00BBD200 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BB2DD2 | 1_2_00BB2DD2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_02D14A98 | 3_2_02D14A98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_02D1A958 | 3_2_02D1A958 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_02D13E80 | 3_2_02D13E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_02D141C8 | 3_2_02D141C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_02D1F998 | 3_2_02D1F998 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB5D38 | 3_2_05AB5D38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB91E8 | 3_2_05AB91E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05ABA130 | 3_2_05ABA130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05ABE0D0 | 3_2_05ABE0D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB45A8 | 3_2_05AB45A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB3580 | 3_2_05AB3580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB3CB0 | 3_2_05AB3CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB5658 | 3_2_05AB5658 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05AB0338 | 3_2_05AB0338 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_05ABC350 | 3_2_05ABC350 |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, cPs8D.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, 72CF8egH.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, G5CXsdn.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, 3uPsILA6U.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, 6oQOw74dfIt.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, aMIWm.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, 3QjbQ514BDx.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, 3QjbQ514BDx.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: unknown | Process created: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe "C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe" | |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -23058430092136925s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -100000s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2832 | Thread sleep count: 1832 > 30 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99875s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2832 | Thread sleep count: 6525 > 30 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99766s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99656s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99547s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99437s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99328s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99212s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -99094s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98984s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98875s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98766s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98656s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98547s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98437s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98328s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98218s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98109s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -98000s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97890s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97781s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97672s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97562s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97453s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97344s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97234s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97121s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -97000s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96891s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96766s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96656s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96547s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96437s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96328s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96217s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96109s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -96000s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -95890s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -95781s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -95672s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -95562s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2884 | Thread sleep time: -922337203685477s >= -30000s | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 100000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99875 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99766 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99656 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99212 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 99094 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98984 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98875 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98766 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98656 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98218 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 98000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97672 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97344 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97121 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 97000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96891 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96766 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96656 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96217 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 96000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 95890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 95781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 95672 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 95562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BA68F4 SetUnhandledExceptionFilter, | 1_2_00BA68F4 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BA6490 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 1_2_00BA6490 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BACDCF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 1_2_00BACDCF |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: 1_2_00BA6798 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 1_2_00BA6798 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43C000 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43E000 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: CDB008 | Jump to behavior |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 1_2_00BBC84E |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: EnumSystemLocalesW, | 1_2_00BBC18C |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: EnumSystemLocalesW, | 1_2_00BBC1D7 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 1_2_00BBC2FD |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: EnumSystemLocalesW, | 1_2_00BBC272 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetLocaleInfoW, | 1_2_00BB547B |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetLocaleInfoW, | 1_2_00BBC550 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW, | 1_2_00BBBEEA |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 1_2_00BBC679 |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: GetLocaleInfoW, | 1_2_00BBC77F |
Source: C:\Users\user\Desktop\RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe | Code function: EnumSystemLocalesW, | 1_2_00BB4F55 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: Yara match | File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.ba0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.3321463370.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.2067325321.0000000000BCC000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe PID: 5176, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini | Jump to behavior |
Source: Yara match | File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.ba0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.3321463370.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.2067325321.0000000000BCC000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe PID: 5176, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR |
Source: Yara match | File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.bccad0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe.ba0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.3321463370.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.2067325321.0000000000BCC000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.3322261762.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: RFQ Img_Quotation PO 202400969 - HESSEN TECH_pdf.exe PID: 5176, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR |