Source: RegAsm.exe, 0000000F.00000003.317809114.0000000004453000.00000004.00000001.sdmp, vbc.exe, 00000010.00000002.325404707.0000000000400000.00000040.00000001.sdmp, RegAsm.exe, 00000016.00000002.506342251.0000000004EC0000.00000004.00000001.sdmp, vbc.exe, 00000017.00000002.418820709.0000000000400000.00000040.00000001.sdmp | String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook) |
Source: RegAsm.exe, 0000000F.00000003.317809114.0000000004453000.00000004.00000001.sdmp, vbc.exe, 00000010.00000002.325404707.0000000000400000.00000040.00000001.sdmp, RegAsm.exe, 00000016.00000002.506342251.0000000004EC0000.00000004.00000001.sdmp, vbc.exe, 00000017.00000002.418820709.0000000000400000.00000040.00000001.sdmp | String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo) |
Source: vbc.exe | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: vbc.exe, 00000010.00000003.324795797.0000000000A70000.00000004.00000001.sdmp, vbc.exe, 00000017.00000003.418517286.000000000216F000.00000004.00000001.sdmp | String found in binary or memory: https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.google.com/chrome/https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/chrome/thank-you.htmlhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287res://C:\Windows\system32\mmcndmgr.dll/views.htmhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook) |
Source: vbc.exe, 00000010.00000003.324795797.0000000000A70000.00000004.00000001.sdmp, vbc.exe, 00000017.00000003.418517286.000000000216F000.00000004.00000001.sdmp | String found in binary or memory: https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.google.com/chrome/https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/chrome/thank-you.htmlhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287res://C:\Windows\system32\mmcndmgr.dll/views.htmhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo) |
Source: RegAsm.exe, 00000016.00000002.503725688.0000000002ED3000.00000004.00000001.sdmp | String found in binary or memory: http://bot.whatismyipaddress.com/ |
Source: RegAsm.exe, 0000000F.00000002.502301826.0000000002BF3000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.503725688.0000000002ED3000.00000004.00000001.sdmp | String found in binary or memory: http://pomf.cat/upload.php |
Source: RegAsm.exe, 0000000F.00000002.497516349.0000000000402000.00000040.00000001.sdmp, RegAsm.exe, 00000016.00000002.497513323.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: http://pomf.cat/upload.php&https://a.pomf.cat/ |
Source: RegAsm.exe, 0000000F.00000002.502301826.0000000002BF3000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.503725688.0000000002ED3000.00000004.00000001.sdmp | String found in binary or memory: http://pomf.cat/upload.phpCContent-Disposition: |
Source: vbc.exe, 00000017.00000002.419165439.000000000070A000.00000004.00000020.sdmp | String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico |
Source: vbc.exe, 00000017.00000002.419165439.000000000070A000.00000004.00000020.sdmp | String found in binary or memory: http://www.msn.com/?ocid=iehpLMEM |
Source: vbc.exe, 00000017.00000002.419165439.000000000070A000.00000004.00000020.sdmp | String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehpLMEMh |
Source: vbc.exe, 00000010.00000002.325382805.000000000019C000.00000004.00000010.sdmp, vbc.exe, 00000017.00000002.418774433.000000000019C000.00000004.00000010.sdmp | String found in binary or memory: http://www.nirsoft.net |
Source: vbc.exe, vbc.exe, 0000001C.00000002.459461387.0000000000400000.00000040.00000001.sdmp | String found in binary or memory: http://www.nirsoft.net/ |
Source: RegAsm.exe, 0000000F.00000002.502301826.0000000002BF3000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.503725688.0000000002ED3000.00000004.00000001.sdmp | String found in binary or memory: https://a.pomf.cat/ |
Source: vbc.exe | String found in binary or memory: https://login.yahoo.com/config/login |
Source: vbc.exe | String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: 0000001C.00000002.459461387.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 00000016.00000002.506342251.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 0000000F.00000002.502348427.0000000002BF9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000F.00000002.497516349.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000F.00000002.505980703.0000000004BE0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 00000016.00000002.503776378.0000000002ED9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 00000016.00000002.497513323.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: RegAsm.exe PID: 6932, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: RegAsm.exe PID: 6276, type: MEMORY | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 15.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 15.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 28.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 22.2.RegAsm.exe.4ec0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 15.2.RegAsm.exe.4be0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 28.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 15.2.RegAsm.exe.4be0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 22.2.RegAsm.exe.4ec0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B7E40 | 22_2_010B7E40 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B9C80 | 22_2_010B9C80 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B0C91 | 22_2_010B0C91 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B60B0 | 22_2_010B60B0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B38D0 | 22_2_010B38D0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B38E4 | 22_2_010B38E4 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 22_2_010B38F1 | 22_2_010B38F1 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_004360CE | 23_2_004360CE |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_0040509C | 23_2_0040509C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00405199 | 23_2_00405199 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_0043C2D0 | 23_2_0043C2D0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00440406 | 23_2_00440406 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_0040451D | 23_2_0040451D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_004045FF | 23_2_004045FF |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_0040458E | 23_2_0040458E |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00404690 | 23_2_00404690 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00414A51 | 23_2_00414A51 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00404C08 | 23_2_00404C08 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00406C8E | 23_2_00406C8E |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00415DF3 | 23_2_00415DF3 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00416E5C | 23_2_00416E5C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_00410FE4 | 23_2_00410FE4 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 28_2_00404DE5 | 28_2_00404DE5 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 28_2_00404E56 | 28_2_00404E56 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 28_2_00404EC7 | 28_2_00404EC7 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 28_2_00404F58 | 28_2_00404F58 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 28_2_0040BF6B | 28_2_0040BF6B |
Source: 0000001C.00000002.459461387.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 00000016.00000002.506342251.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 0000000F.00000002.502348427.0000000002BF9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0000000F.00000002.497516349.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0000000F.00000002.505980703.0000000004BE0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 00000016.00000002.503776378.0000000002ED9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000016.00000002.497513323.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Process Memory Space: RegAsm.exe PID: 6932, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Process Memory Space: RegAsm.exe PID: 6276, type: MEMORY | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winrshost.url, type: DROPPED | Matched rule: Methodology_Suspicious_Shortcut_Local_URL author = @itsreallynick (Nick Carr), @QW5kcmV3 (Andrew Thompson), description = Detects local script usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
Source: 15.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 15.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 28.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 22.2.RegAsm.exe.4ec0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 15.2.RegAsm.exe.4be0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 22.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 28.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 15.2.RegAsm.exe.4be0000.1.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 22.2.RegAsm.exe.4ec0000.1.unpack, type: UNPACKEDPE | Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 15.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 15.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 15.2.RegAsm.exe.400000.0.unpack, u200c???????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 15.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 22.2.RegAsm.exe.400000.0.unpack, u200c???????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 22.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 22.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 22.2.RegAsm.exe.400000.0.unpack, u200d????????????????????????????????????????.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 15.2.RegAsm.exe.400000.0.unpack, u202d????????????????????????????????????????.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 15.2.RegAsm.exe.400000.0.unpack, u202d????????????????????????????????????????.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 22.2.RegAsm.exe.400000.0.unpack, u206a????????????????????????????????????????.cs | Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 15.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 15.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 15.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 15.2.RegAsm.exe.400000.0.unpack, u206a????????????????????????????????????????.cs | Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 22.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 22.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 22.2.RegAsm.exe.400000.0.unpack, u206f????????????????????????????????????????.cs | Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 22.2.RegAsm.exe.400000.0.unpack, u202d????????????????????????????????????????.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 22.2.RegAsm.exe.400000.0.unpack, u202d????????????????????????????????????????.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: vbc.exe | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: vbc.exe | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 0000000F.00000003.317809114.0000000004453000.00000004.00000001.sdmp, vbc.exe, 00000010.00000002.325404707.0000000000400000.00000040.00000001.sdmp, RegAsm.exe, 00000016.00000002.506342251.0000000004EC0000.00000004.00000001.sdmp, vbc.exe, 00000017.00000002.418820709.0000000000400000.00000040.00000001.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
Source: vbc.exe | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
Source: vbc.exe | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: vbc.exe | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: vbc.exe | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown | Process created: C:\Users\user\Desktop\TrxPoXd5QM.exe 'C:\Users\user\Desktop\TrxPoXd5QM.exe' | |
Source: unknown | Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\winrshost\winrshost.vbs' | |
Source: unknown | Process created: C:\Users\user\winrshost\adsmsext.exe 'C:\Users\user\winrshost\adsmsext.exe' | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmpAF61.tmp' | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp543C.tmp' | |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmpA868.tmp' | |
Source: C:\Users\user\Desktop\TrxPoXd5QM.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | Jump to behavior |
Source: C:\Users\user\Desktop\TrxPoXd5QM.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\winrshost\adsmsext.exe 'C:\Users\user\winrshost\adsmsext.exe' | Jump to behavior |
Source: C:\Users\user\winrshost\adsmsext.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | Jump to behavior |
Source: C:\Users\user\winrshost\adsmsext.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmpAF61.tmp' | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmpA868.tmp' | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp543C.tmp' | Jump to behavior |
Source: C:\Users\user\Desktop\TrxPoXd5QM.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\winrshost\adsmsext.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process infor |