Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_00402AE8 push es; ret |
2_2_00402B24 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_004064F7 push 13C55635h; retf |
2_2_00406525 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_0040431A pushfd ; retf |
2_2_0040431B |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A4238 push 00000054h; retf |
2_2_023A424C |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A3807 pushfd ; iretd |
2_2_023A3808 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A3E7B push ebp; ret |
2_2_023A3E7D |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A106F push ecx; ret |
2_2_023A1209 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A10D6 push ecx; ret |
2_2_023A1209 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A5533 push ebp; iretd |
2_2_023A5562 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A111A push ecx; ret |
2_2_023A1209 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A5563 push ebp; iretd |
2_2_023A5562 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Code function: 2_2_023A318B push 8E2D3A7Eh; iretd |
2_2_023A3190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00972177 push edi; retn 0000h |
6_2_00972179 |
Source: C:\Users\user\Desktop\Hesap Hareketleri 28-09-2021.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: RegAsm.exe, 00000006.00000002.116536424340.0000000000800000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1R606THBBUXRI8JJ5HXDYVI0FAWYPAMM9WININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKO |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974973729.0000000002260000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.116536424340.0000000000800000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974415755.00000000006E3000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974973729.0000000002260000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974973729.0000000002260000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: RegAsm.exe, 00000006.00000002.116535615149.0000000000770000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974973729.0000000002260000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.116536424340.0000000000800000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: RegAsm.exe, 00000006.00000002.116536424340.0000000000800000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1R606ThBbUXrI8jJ5HXdyvI0FaWypamM9wininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
Source: RegAsm.exe, 00000006.00000002.116535615149.0000000000770000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW@j |
Source: Hesap Hareketleri 28-09-2021.exe, 00000002.00000002.111974415755.00000000006E3000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: RegAsm.exe, 00000006.00000002.116537659596.0000000000ED1000.00000002.00020000.sdmp |
Binary or memory string: Program Manager |
Source: RegAsm.exe, 00000006.00000002.116537659596.0000000000ED1000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: RegAsm.exe, 00000006.00000002.116537659596.0000000000ED1000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: RegAsm.exe, 00000006.00000002.116537659596.0000000000ED1000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |