Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: http://ChSulR.com |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0 |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0? |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://mail.gcclatinoamerica.com |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gsr202 |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gts1o1core0 |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0 |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: RegAsm.exe, 00000013.00000002.857466252.000000001DF85000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org% |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: RegAsm.exe, 00000013.00000002.850646188.00000000013AE000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0k-1c-docs.googleusercontent.com/ |
Source: RegAsm.exe, 00000013.00000002.850763791.00000000013CC000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0k-1c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/55mju4ru |
Source: RegAsm.exe, 00000013.00000002.850646188.00000000013AE000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0k-1c-docs.googleusercontent.com/su |
Source: RegAsm.exe, 00000013.00000002.850301803.000000000136B000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/ |
Source: RegAsm.exe, 00000013.00000002.850301803.000000000136B000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/=: |
Source: RegAsm.exe, RegAsm.exe, 00000013.00000002.850301803.000000000136B000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1kid0owgaMCzRLqlPjIt2boGIIgOTgmca |
Source: RegAsm.exe, 00000013.00000002.850882210.00000000013F0000.00000004.00000020.sdmp | String found in binary or memory: https://pki.goog/repository/0 |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp, RegAsm.exe, 00000013.00000002.857439462.000000001DF7D000.00000004.00000001.sdmp, RegAsm.exe, 00000013.00000002.857541790.000000001DFA6000.00000004.00000001.sdmp | String found in binary or memory: https://t8vI5nXseaUv.com |
Source: RegAsm.exe, 00000013.00000002.857079971.000000001DC21000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08809 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F082D9 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F088F4 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F088C6 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F0889E NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08875 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08C7F NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08C54 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F0884D NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08824 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F089CC NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F089A7 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08979 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08D6E NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08951 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08922 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08D2C NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08D04 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08AE3 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F082D7 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08ABE NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08A89 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08A61 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08A35 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08A05 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08BDE NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08B9F NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08B77 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08B4B NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F08B14 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004064CA |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_0040729D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F0433E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_01256878 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_01255B18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_0128A9E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_01287B98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_012847F2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_01280DB0 |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exeFE2X vs ddff.exe |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exeFE2XN vs ddff.exe |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exeFE2X) vs ddff.exe |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exeFE2XM vs ddff.exe |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exeFE2X$ vs ddff.exe |
Source: ddff.exe, 00000000.00000002.409248775.0000000002A90000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename vs ddff.exe |
Source: ddff.exe, 00000000.00000000.195030837.0000000000419000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamenyanlgg.exe vs ddff.exe |
Source: ddff.exe | Binary or memory string: OriginalFilenamenyanlgg.exe vs ddff.exe |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00404E47 pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00404048 pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00406401 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00406404 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00406407 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_0040640A push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_0040640D push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00406410 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_0040903C push ss; retf |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004020CD pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00402EE9 push dword ptr [edi-4B012F33h]; retf |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004020FD pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_0040336B push fs; ret |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00402301 pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00405F05 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063C8 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063CB push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063CE push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063D1 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063D4 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063D7 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_00402BD8 pushfd ; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063DA push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063DD push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063E0 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063E3 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063E6 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063E9 push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063EC push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Code function: 0_2_004063EF push ecx; iretd |
Source: C:\Users\user\Desktop\ddff.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ddff.exe | RDTSC instruction interceptor: First address: 0000000000523AE6 second address: 0000000000523AE6 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F6C0094A148h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e add edi, edx 0x00000020 dec ecx 0x00000021 cmp ecx, 00000000h 0x00000024 jne 00007F6C0094A131h 0x00000026 cmp ch, dh 0x00000028 push ecx 0x00000029 call 00007F6C0094A1ADh 0x0000002e call 00007F6C0094A158h 0x00000033 lfence 0x00000036 mov edx, dword ptr [7FFE0014h] 0x0000003c lfence 0x0000003f ret 0x00000040 mov esi, edx 0x00000042 pushad 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\ddff.exe | RDTSC instruction interceptor: First address: 000000000052367A second address: 000000000052367A instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F02016 second address: 0000000000F02016 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F02162 second address: 0000000000F02162 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F022F8 second address: 0000000000F022F8 instructions: |
Source: C:\Users\user\Desktop\ddff.exe | RDTSC instruction interceptor: First address: 0000000000523DA0 second address: 0000000000523DA0 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F6C0094E494h 0x0000001d popad 0x0000001e call 00007F6C0094ACCFh 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F03DA0 second address: 0000000000F03DA0 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F6C0094E494h 0x0000001d popad 0x0000001e call 00007F6C0094ACCFh 0x00000023 lfence 0x00000026 rdtsc |
Source: RegAsm.exe, 00000013.00000002.850301803.000000000136B000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWX |
Source: RegAsm.exe, 00000013.00000002.858637359.0000000020720000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: RegAsm.exe, 00000013.00000002.850646188.00000000013AE000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW |
Source: RegAsm.exe, 00000013.00000002.858637359.0000000020720000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: ddff.exe, 00000000.00000002.408563933.00000000006E8000.00000004.00000020.sdmp, RegAsm.exe | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: RegAsm.exe, 00000013.00000002.858637359.0000000020720000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: RegAsm.exe, 00000013.00000002.858637359.0000000020720000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F038BB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F07C85 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F07C33 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F07C38 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F061D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 19_2_00F06B79 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\ddff.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |