Source: unknown |
TCP traffic detected without corresponding DNS query: 185.222.58.152 |
Source: RegAsm.exe, 00000004.00000002.603404281.000000001DD21000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe |
String found in binary or memory: http://185.222.58.152/EDUORIGIN_baxLdLkc20.bin |
Source: RegAsm.exe, 00000004.00000002.603404281.000000001DD21000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000004.00000002.603404281.000000001DD21000.00000004.00000001.sdmp |
String found in binary or memory: http://sHYyUE.com |
Source: RegAsm.exe, 00000004.00000002.603404281.000000001DD21000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021066CF NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106A5A NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106A7E NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106A9A NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106AB6 NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106ADE NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106B0A NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106B2E NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_0210677A NtProtectVirtualMemory,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106B7A NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106B9E NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106BBA NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106BE2 NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_0210680C NtProtectVirtualMemory,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106C32 NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_0210687F NtProtectVirtualMemory,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106896 NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02106CAA NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_0210693E NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_0210698E NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021069AA NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021069D6 NtMapViewOfSection, |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021069F6 NtMapViewOfSection, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_0130693A NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_013063BF NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_013069AA NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_0130698E NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_013069F6 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_013069D6 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306B2E NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306B0A NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306B7A NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306BBA NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306B9E NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306BE2 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306A7E NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306A5A NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306AB6 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306A9A NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306ADE NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306C32 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01306CAA NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FE78D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FE41E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FE99C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FE12F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FEE588 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_00FE41E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D972CD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D970006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D970040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D97C3B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D9805D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1DB146A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1DB14690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1DB14650 |
Source: SKM_C3350191107102300.exe, 00000000.00000002.387312508.00000000020B0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameuser32j% vs SKM_C3350191107102300.exe |
Source: SKM_C3350191107102300.exe, 00000000.00000000.329778630.000000000040F000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameKlysnerstorv8.exe vs SKM_C3350191107102300.exe |
Source: SKM_C3350191107102300.exe |
Binary or memory string: OriginalFilenameKlysnerstorv8.exe vs SKM_C3350191107102300.exe |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_00408C00 push 0000001Eh; iretd |
0_2_00408C0F |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_00403EDA push edi; retf |
0_2_00403F29 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02105A4A push es; ret |
0_2_02105A7C |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02105A71 push es; ret |
0_2_02105A7C |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101CBE push ss; retf |
0_2_02101D39 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021008AB push edx; ret |
0_2_021008AC |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101CD6 push ss; retf |
0_2_02101D39 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101D1C push ss; retf |
0_2_02101D39 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101D1C push ss; retf |
0_2_02101D49 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101D3E push ss; retf |
0_2_02101D49 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_02101D28 push ss; retf |
0_2_02101D39 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021045B1 push ebx; retf |
0_2_021045DA |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Code function: 0_2_021005AF push cs; retf |
0_2_021005B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_1D979E4C push E8FFFFFFh; retf |
4_2_1D979E51 |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
RDTSC instruction interceptor: First address: 0000000002102FA2 second address: 0000000002102FA2 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F7E70A9D098h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d test bl, dl 0x0000001f cmp eax, ebx 0x00000021 pop ecx 0x00000022 test ebx, ecx 0x00000024 add edi, edx 0x00000026 dec ecx 0x00000027 pushad 0x00000028 mov ah, F0h 0x0000002a cmp ah, FFFFFFF0h 0x0000002d jne 00007F7E70A9C5A5h 0x00000033 popad 0x00000034 cmp ecx, 00000000h 0x00000037 jne 00007F7E70A9D043h 0x00000039 push ecx 0x0000003a jmp 00007F7E70A9D0AAh 0x0000003c push esi 0x0000003d mov esi, 6EF0E26Ch 0x00000042 cmp esi, 6EF0E26Ch 0x00000048 jne 00007F7E70A9A718h 0x0000004e pop esi 0x0000004f call 00007F7E70A9D0E7h 0x00000054 call 00007F7E70A9D0A8h 0x00000059 lfence 0x0000005c mov edx, dword ptr [7FFE0014h] 0x00000062 lfence 0x00000065 ret 0x00000066 mov esi, edx 0x00000068 pushad 0x00000069 rdtsc |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
RDTSC instruction interceptor: First address: 00000000021006BA second address: 00000000021006BA instructions: |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
RDTSC instruction interceptor: First address: 0000000002100853 second address: 0000000002100853 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001300F6A second address: 0000000001300F6A instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001301F08 second address: 0000000001301F08 instructions: |
Source: C:\Users\user\Desktop\SKM_C3350191107102300.exe |
RDTSC instruction interceptor: First address: 000000000210319A second address: 000000000210319A instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F7E70AAA270h 0x0000001d popad 0x0000001e jmp 00007F7E70AA7922h 0x00000020 test ax, dx 0x00000023 call 00007F7E70AA7934h 0x00000028 lfence 0x0000002b rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 000000000130319A second address: 000000000130319A instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F7E70A9FA00h 0x0000001d popad 0x0000001e jmp 00007F7E70A9D0B2h 0x00000020 test ax, dx 0x00000023 call 00007F7E70A9D0C4h 0x00000028 lfence 0x0000002b rdtsc |
Source: RegAsm.exe, 00000004.00000002.604549070.0000000020820000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: RegAsm.exe, 00000004.00000002.604549070.0000000020820000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegAsm.exe |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: RegAsm.exe, 00000004.00000002.604549070.0000000020820000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: RegAsm.exe, 00000004.00000002.604549070.0000000020820000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_013052A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01302DD2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01305F0E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_0130576C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4_2_01305EF3 mov eax, dword ptr fs:[00000030h] |
Source: RegAsm.exe, 00000004.00000002.599071662.0000000001AF0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: RegAsm.exe, 00000004.00000002.599071662.0000000001AF0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: RegAsm.exe, 00000004.00000002.599071662.0000000001AF0000.00000002.00000001.sdmp |
Binary or memory string: &Program Manager |
Source: RegAsm.exe, 00000004.00000002.599071662.0000000001AF0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |