Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000005.00000002.34498118472.0000000000DFF000.00000004.00000020.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegAsm.exe, 00000005.00000002.34510158729.000000001DD00000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 00000005.00000002.34498118472.0000000000DFF000.00000004.00000020.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegAsm.exe, 00000005.00000003.29936323610.0000000000E4C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegAsm.exe, 00000005.00000003.29936323610.0000000000E4C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000005.00000002.34498118472.0000000000DFF000.00000004.00000020.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegAsm.exe, 00000005.00000002.34510114513.000000001DCFA000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.34509995210.000000001DCE9000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.34510306374.000000001DD25000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.30855905481.000000001C861000.00000004.00000001.sdmp | String found in binary or memory: http://kwpik2VAR1e4qwGX.org |
Source: RegAsm.exe, 00000005.00000002.34510158729.000000001DD00000.00000004.00000001.sdmp | String found in binary or memory: http://mail.tccinfaes.com |
Source: RegAsm.exe, 00000005.00000002.34510158729.000000001DD00000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0) |
Source: RegAsm.exe, 00000005.00000002.34510158729.000000001DD00000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000005.00000002.34510158729.000000001DD00000.00000004.00000001.sdmp | String found in binary or memory: http://tccinfaes.com |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: http://ymvmIY.com |
Source: RegAsm.exe, 00000005.00000003.29936323610.0000000000E4C000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 00000005.00000003.29940609468.0000000000E47000.00000004.00000001.sdmp | String found in binary or memory: https://doc-0c-50-docs.googleusercontent.com/ |
Source: RegAsm.exe, 00000005.00000003.29936761662.0000000000E4C000.00000004.00000001.sdmp | String found in binary or memory: https://doc-0c-50-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9fjtv408 |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/ |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/% |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1ush64eeGGoMv4pcIA9UNmkEac9u-lIf4 |
Source: RegAsm.exe, 00000005.00000003.29936728119.0000000000E47000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1ush64eeGGoMv4pcIA9UNmkEac9u-lIf4_8Ni776JkBaCRGsu4 |
Source: RegAsm.exe, 00000005.00000002.34499400097.0000000000EF0000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1ush64eeGGoMv4pcIA9UNmkEac9u-lIf4wininet.dllMozilla/5 |
Source: RegAsm.exe, 00000005.00000002.34509696267.000000001DCA4000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/ |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com// |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/v104 |
Source: RegAsm.exe, 00000005.00000002.34509696267.000000001DCA4000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: RegAsm.exe, 00000005.00000002.34508937788.000000001DBF1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A46988 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A41410 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A81130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A8BA30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A83A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A84320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A8C790 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A83708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C999868 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C99AAE2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C99AA00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C99EFCD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C991D28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C993330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9B8478 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9BEDB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9B19B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9BD2B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9BDAA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9BED5A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9B3230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9B3240 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA45E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA44ACC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA45DC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA46AF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1C9971E0 |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_0040407C pushfd ; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00404004 pushfd ; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_004040D2 pushfd ; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00406AAD push edi; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00408578 push BCCCD893h; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00405124 push ebp; ret |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_0040332B pushad ; ret |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_004053ED push 98EC4AA3h; iretd |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_004031F9 push cs; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00403397 pushad ; ret |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_0040639F push eax; iretd |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_00406BB3 push edi; ret |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_022D0028 push ebx; retf |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_022D3440 pushfd ; ret |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_022D5C9E push ecx; iretd |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_022D091A push cs; iretd |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Code function: 1_2_022D23D4 push cs; iretd |
Source: C:\Users\user\Desktop\Payment_Advice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: Payment_Advice.exe, 00000001.00000002.29963601470.00000000005FD000.00000004.00000020.sdmp | Binary or memory string: `ROGRAM FILES\QEMU-GA\QEMU-GA.EXELY |
Source: Payment_Advice.exe, 00000001.00000002.29963601470.00000000005FD000.00000004.00000020.sdmp | Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEY# |
Source: Payment_Advice.exe, 00000001.00000002.29964237230.00000000022F0000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.34499400097.0000000000EF0000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Payment_Advice.exe, 00000001.00000002.29964237230.00000000022F0000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: RegAsm.exe, 00000005.00000002.34499400097.0000000000EF0000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1USH64EEGGOMV4PCIA9UNMKEAC9U-LIF4WININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKO |
Source: Payment_Advice.exe, 00000001.00000002.29963601470.00000000005FD000.00000004.00000020.sdmp | Binary or memory string: `rogram Files\Qemu-ga\qemu-ga.exely |
Source: RegAsm.exe, 00000005.00000002.34499400097.0000000000EF0000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1ush64eeGGoMv4pcIA9UNmkEac9u-lIf4wininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
Source: Payment_Advice.exe, 00000001.00000002.29963601470.00000000005FD000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exey# |
Source: RegAsm.exe, 00000005.00000002.34498399418.0000000000E36000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWe |
Source: Payment_Advice.exe, 00000001.00000002.29964237230.00000000022F0000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: RegAsm.exe, 00000005.00000002.34497807320.0000000000DB8000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW |
Source: Payment_Advice.exe, 00000001.00000002.29964237230.00000000022F0000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.34499400097.0000000000EF0000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |