Source: TNT Delivery Document.exe |
Virustotal: Detection: 39% |
Source: TNT Delivery Document.exe |
ReversingLabs: Detection: 17% |
Source: TNT Delivery Document.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: initial sample |
Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: TNT Delivery Document.exe |
Static file information: Suspicious name |
Source: initial sample |
Static PE information: Filename: TNT Delivery Document.exe |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Process Stats: CPU usage > 98% |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D037D NtSetInformationThread, |
2_2_020D037D |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D03A3 NtSetInformationThread, |
2_2_020D03A3 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D1BCA NtWriteVirtualMemory, |
2_2_020D1BCA |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D4575 NtProtectVirtualMemory, |
2_2_020D4575 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403C44 |
2_2_00403C44 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403845 |
2_2_00403845 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403812 |
2_2_00403812 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040343E |
2_2_0040343E |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004034D5 |
2_2_004034D5 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004038DC |
2_2_004038DC |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040348C |
2_2_0040348C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403896 |
2_2_00403896 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040357E |
2_2_0040357E |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403522 |
2_2_00403522 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403926 |
2_2_00403926 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004031EE |
2_2_004031EE |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004031A1 |
2_2_004031A1 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004035B8 |
2_2_004035B8 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403650 |
2_2_00403650 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403604 |
2_2_00403604 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403A04 |
2_2_00403A04 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040323B |
2_2_0040323B |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004032CC |
2_2_004032CC |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004036D7 |
2_2_004036D7 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403287 |
2_2_00403287 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403A8B |
2_2_00403A8B |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403693 |
2_2_00403693 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403B5E |
2_2_00403B5E |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040335F |
2_2_0040335F |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403773 |
2_2_00403773 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403B11 |
2_2_00403B11 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040331C |
2_2_0040331C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_0040373A |
2_2_0040373A |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004033F6 |
2_2_004033F6 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004037FD |
2_2_004037FD |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00403BA1 |
2_2_00403BA1 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004033A3 |
2_2_004033A3 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004037BE |
2_2_004037BE |
Source: TNT Delivery Document.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: TNT Delivery Document.exe, 00000002.00000002.498209731.0000000000415000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameDitikeres4.exe vs TNT Delivery Document.exe |
Source: TNT Delivery Document.exe, 00000002.00000002.535385883.00000000020A0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameuser32j% vs TNT Delivery Document.exe |
Source: TNT Delivery Document.exe |
Binary or memory string: OriginalFilenameDitikeres4.exe vs TNT Delivery Document.exe |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: classification engine |
Classification label: mal96.rans.troj.evad.winEXE@4/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4932:120:WilError_01 |
Source: TNT Delivery Document.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\TNT Delivery Document.exe 'C:\Users\user\Desktop\TNT Delivery Document.exe' |
Source: unknown |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\TNT Delivery Document.exe' |
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\TNT Delivery Document.exe' |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: Yara match |
File source: Process Memory Space: RegAsm.exe PID: 6392, type: MEMORY |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00408812 pushad ; iretd |
2_2_0040881A |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004038DC push 0FE1DEC2h; retn E1DEh |
2_2_0040396B |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_004080EF push es; ret |
2_2_00408116 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00405894 pushad ; retf |
2_2_00405895 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00404DAE push edx; ret |
2_2_00404DB0 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_00408B53 pushfd ; ret |
2_2_00408B56 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D0236 pushad ; retf |
2_2_020D023D |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D4249 push eax; iretd |
2_2_020D4270 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D426B push eax; iretd |
2_2_020D4270 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D4271 push esi; iretd |
2_2_020D4274 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D4285 push ecx; iretd |
2_2_020D429C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D42A7 push esi; iretd |
2_2_020D42B4 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D3F36 push es; retf |
2_2_020D3F56 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D3768 push es; iretd |
2_2_020D379C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D377D push es; iretd |
2_2_020D379C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D377F push es; iretd |
2_2_020D379C |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D03CB push FFFFFFE9h; iretd |
2_2_020D03E6 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D347A pushad ; retf |
2_2_020D346E |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D148B push edi; retf |
2_2_020D1532 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D14F7 push edi; retf |
2_2_020D1532 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D1507 push edi; retf |
2_2_020D1532 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D151D push edi; retf |
2_2_020D1532 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D1572 push edi; retf |
2_2_020D1532 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Code function: 2_2_020D45AE push esi; iretd |
2_2_020D45B8 |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D1F67 second address: 00000000020D1F67 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FABAC75B868h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cmp al, al 0x0000001f cmp bh, 00000064h 0x00000022 pop ecx 0x00000023 test cx, AFDEh 0x00000028 add edi, edx 0x0000002a dec ecx 0x0000002b cmp ecx, 00000000h 0x0000002e jne 00007FABAC75B849h 0x00000030 push ecx 0x00000031 call 00007FABAC75B886h 0x00000036 call 00007FABAC75B878h 0x0000003b lfence 0x0000003e mov edx, dword ptr [7FFE0014h] 0x00000044 lfence 0x00000047 ret 0x00000048 mov esi, edx 0x0000004a pushad 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D218D second address: 00000000020D218D instructions: |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D47CB second address: 00000000020D47CB instructions: |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D33C7 second address: 00000000020D33C7 instructions: |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D3489 second address: 00000000020D3489 instructions: |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D1DFF second address: 00000000020D1DFF instructions: |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
File opened: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
File opened: C:\Program Files\qga\qga.exe |
Source: RegAsm.exe, 0000000E.00000002.494187486.0000000000D00000.00000040.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D2074 second address: 00000000020D2074 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FABACBD10D3h 0x0000001d popad 0x0000001e call 00007FABACBCF648h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D0623 second address: 00000000020D067E instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp ah, 00000013h 0x0000000e add edi, 04h 0x00000011 push edi 0x00000012 cmp dl, bl 0x00000014 jmp 00007FABAC75B89Ch 0x00000016 push 0003E800h 0x0000001b pushad 0x0000001c mov esi, 000000CAh 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D067E second address: 00000000020D3CFB instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 add edi, 04h 0x00000006 cmp esi, F1A58B31h 0x0000000c push edi 0x0000000d push 00000003h 0x0000000f cmp eax, ebx 0x00000011 push 00000030h 0x00000013 cmp dl, dl 0x00000015 test cl, cl 0x00000017 push dword ptr [ebp+0000009Ch] 0x0000001d push eax 0x0000001e cmp ax, bx 0x00000021 call 00007FABACBD35DAh 0x00000026 call 00007FABACBCF625h 0x0000002b pop ebx 0x0000002c sub ebx, 05h 0x0000002f inc ebx 0x00000030 dec ebx 0x00000031 xor edx, edx 0x00000033 mov eax, ebx 0x00000035 mov ecx, 00000004h 0x0000003a div ecx 0x0000003c cmp edx, 00000000h 0x0000003f jne 00007FABACBCF611h 0x00000041 dec ebx 0x00000042 xor edx, edx 0x00000044 mov eax, ebx 0x00000046 mov ecx, 00000004h 0x0000004b div ecx 0x0000004d cmp edx, 00000000h 0x00000050 jne 00007FABACBCF611h 0x00000052 movd mm3, ebx 0x00000055 jmp 00007FABACBCF636h 0x00000057 cmp edx, eax 0x00000059 jmp 00007FABACBCF636h 0x0000005b test al, bl 0x0000005d pop eax 0x0000005e movd mm1, eax 0x00000061 call 00007FABACBCEC6Ch 0x00000066 pushad 0x00000067 lfence 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
RDTSC instruction interceptor: First address: 00000000020D0825 second address: 00000000020D087F instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp ah, FFFFFFE8h 0x0000000e mov ecx, dword ptr [ebp+1Ch] 0x00000011 cmp dl, bl 0x00000013 jmp 00007FABAC75B89Ch 0x00000015 mov edx, D034FC62h 0x0000001a pushad 0x0000001b mov esi, 00000077h 0x00000020 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D00ACB rdtsc |
14_2_00D00ACB |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: RegAsm.exe, 0000000E.00000002.494187486.0000000000D00000.00000040.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Thread information set: HideFromDebugger |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Process queried: DebugPort |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D01E93 mov eax, dword ptr fs:[00000030h] |
14_2_00D01E93 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D03E81 mov eax, dword ptr fs:[00000030h] |
14_2_00D03E81 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D03EB0 mov eax, dword ptr fs:[00000030h] |
14_2_00D03EB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D038A5 mov eax, dword ptr fs:[00000030h] |
14_2_00D038A5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D035D3 mov eax, dword ptr fs:[00000030h] |
14_2_00D035D3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D00FBA mov eax, dword ptr fs:[00000030h] |
14_2_00D00FBA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D0151D mov eax, dword ptr fs:[00000030h] |
14_2_00D0151D |
Source: C:\Users\user\Desktop\TNT Delivery Document.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D00000 |
Source: RegAsm.exe, 0000000E.00000002.524161760.0000000001540000.00000002.00000001.sdmp |
Binary or memory string: uProgram Manager |
Source: RegAsm.exe, 0000000E.00000002.524161760.0000000001540000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: RegAsm.exe, 0000000E.00000002.524161760.0000000001540000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: RegAsm.exe, 0000000E.00000002.524161760.0000000001540000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00D02220 cpuid |
14_2_00D02220 |