Source: RegAsm.exe, 00000002.00000002.614309170.000000001DAE1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000002.00000002.614309170.000000001DAE1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000002.00000002.614309170.000000001DAE1000.00000004.00000001.sdmp | String found in binary or memory: http://KeXrtgodXUi1h.com |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegAsm.exe, 00000002.00000002.614309170.000000001DAE1000.00000004.00000001.sdmp | String found in binary or memory: http://bbllRW.com |
Source: RegAsm.exe, 00000002.00000002.614735524.000000001DE41000.00000004.00000001.sdmp | String found in binary or memory: http://brimaq.com |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegAsm.exe, 00000002.00000002.609009636.00000000012BB000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0 |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0? |
Source: RegAsm.exe, 00000002.00000002.614735524.000000001DE41000.00000004.00000001.sdmp | String found in binary or memory: http://mail.brimaq.com |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gsr202 |
Source: RegAsm.exe, 00000002.00000002.609009636.00000000012BB000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gts1o1core0 |
Source: RegAsm.exe, 00000002.00000002.609009636.00000000012BB000.00000004.00000020.sdmp | String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0 |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: RegAsm.exe, 00000002.00000002.609079572.0000000001300000.00000004.00000020.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0s-1k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ilq0gs3h |
Source: RegAsm.exe | String found in binary or memory: https://drive.google.com/uc?export=download&id=16YYVHnEy9_-NyGEipJqgNlcMWFoYiAxO |
Source: RegAsm.exe, 00000002.00000002.608987093.000000000129C000.00000004.00000020.sdmp | String found in binary or memory: https://pki.goog/repository/0 |
Source: RegAsm.exe, 00000002.00000002.614309170.000000001DAE1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023450CB NtResumeThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02345294 NtResumeThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_0234533A NtResumeThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02345170 NtResumeThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02345162 NtResumeThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023453E8 NtResumeThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00F8525E NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00F84E07 NtProtectVirtualMemory, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00F853E8 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00F85294 NtSetInformationThread, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00F8533A NtSetInformationThread, |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406B0F |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023450CB |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02342036 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02342022 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02340E2E |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_0234087D |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023446F2 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02341CEE |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_0234173A |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02344328 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02342B1B |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02343D76 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02345170 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02342372 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02342379 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02345162 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_0234156B |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02340954 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023447A7 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02341587 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023409E5 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_023439C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_01391900 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0139B9B5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013919E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_01397898 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0139EE30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0139AAA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013987E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013A2020 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013A2768 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013A2F6D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013AB740 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDA6720 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDA5000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDAB288 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB34A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB5D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB4D00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB97D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB8010 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDBAC90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDBDF78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB1108 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB1AD7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_1CDB1AE8 |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00402465 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406C05 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406C0B push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406C11 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406C17 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00403281 push dword ptr [edi-4B012F33h]; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00402495 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00402699 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00402F70 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00403703 push fs; ret |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00403329 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BC9 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BCF push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BD5 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BDB push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_004051DF pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_004043E0 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BE1 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BE7 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BED push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BF3 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BF9 push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_00406BFF push C868CBC8h; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_0234006B push ebx; ret |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02341131 pushfd ; iretd |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Code function: 0_2_02344504 push esi; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_01398478 pushfd ; retf 551Fh |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0139D23C push eax; iretd |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013A7A37 push edi; retn 0000h |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_013A1E00 push edx; retf |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002342385 second address: 0000000002342385 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F4DA0B46EF8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d test dx, ax 0x00000020 pop ecx 0x00000021 cmp dl, FFFFFF90h 0x00000024 add edi, edx 0x00000026 dec ecx 0x00000027 cmp ecx, 00000000h 0x0000002a jne 00007F4DA0B46EDBh 0x0000002c push ecx 0x0000002d cmp dl, bl 0x0000002f call 00007F4DA0B46F0Dh 0x00000034 call 00007F4DA0B46F08h 0x00000039 lfence 0x0000003c mov edx, dword ptr [7FFE0014h] 0x00000042 lfence 0x00000045 ret 0x00000046 mov esi, edx 0x00000048 pushad 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002345485 second address: 0000000002345485 instructions: |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002340984 second address: 0000000002340984 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F80B51 second address: 0000000000F80B51 instructions: |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002342385 second address: 0000000002342385 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F4DA0B46EF8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d test dx, ax 0x00000020 pop ecx 0x00000021 cmp dl, FFFFFF90h 0x00000024 add edi, edx 0x00000026 dec ecx 0x00000027 cmp ecx, 00000000h 0x0000002a jne 00007F4DA0B46EDBh 0x0000002c push ecx 0x0000002d cmp dl, bl 0x0000002f call 00007F4DA0B46F0Dh 0x00000034 call 00007F4DA0B46F08h 0x00000039 lfence 0x0000003c mov edx, dword ptr [7FFE0014h] 0x00000042 lfence 0x00000045 ret 0x00000046 mov esi, edx 0x00000048 pushad 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 00000000023424DB second address: 00000000023424DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F4DA05B9491h 0x0000001d popad 0x0000001e call 00007F4DA05B7370h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002345485 second address: 0000000002345485 instructions: |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | RDTSC instruction interceptor: First address: 0000000002340984 second address: 0000000002340984 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F824DB second address: 0000000000F824DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F4DA0B49021h 0x0000001d popad 0x0000001e call 00007F4DA0B46F00h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000F80B51 second address: 0000000000F80B51 instructions: |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |