Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0CF6Fh |
24_2_00A0CCC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0FADFh |
24_2_00A0F838 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0C6BFh |
24_2_00A0C418 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0CB17h |
24_2_00A0C870 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0DC77h |
24_2_00A0D9D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0D3C7h |
24_2_00A0D120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0D81Fh |
24_2_00A0D578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0E527h |
24_2_00A0E280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0E97Fh |
24_2_00A0E6D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0E0CFh |
24_2_00A0DE28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0F22Fh |
24_2_00A0EF88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0F687h |
24_2_00A0F3E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00A0EDD7h |
24_2_00A0EB30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov esp, ebp |
24_2_00A0C180 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov esp, ebp |
24_2_00A0C190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABF0AFh |
24_2_1DABEDF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABD831h |
24_2_1DABCE48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABE258h |
24_2_1DABDE40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABEC4Fh |
24_2_1DABE990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABDC91h |
24_2_1DABD9D1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABFDCFh |
24_2_1DABFB11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABF96Fh |
24_2_1DABF6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABF50Fh |
24_2_1DABF252 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABE258h |
24_2_1DABDE31 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
24_2_1DABC99B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
24_2_1DABCB7C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 1DABE258h |
24_2_1DABE186 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
24_2_1DABC368 |
Source: RegAsm.exe, 00000018.00000002.6271466911.000000001DD7C000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: RegAsm.exe, 00000018.00000002.6271305242.000000001DD70000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegAsm.exe, 00000018.00000002.6269476123.000000001DCC1000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegAsm.exe, 00000018.00000003.2085376210.0000000001095000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegAsm.exe, 00000018.00000003.2085376210.0000000001095000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000018.00000002.6271691821.000000001DD9D000.00000004.00000001.sdmp |
String found in binary or memory: http://freegeoip.app |
Source: UserOOBEBroker.exe, 00000021.00000002.6244747221.0000017B93A90000.00000002.00020000.sdmp |
String found in binary or memory: http://schemas.microso |
Source: RegAsm.exe, 00000018.00000002.6269476123.000000001DCC1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegAsm.exe, 00000018.00000003.2085376210.0000000001095000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000003.2090010661.0000000001095000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 00000018.00000003.2085376210.0000000001095000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6250601315.0000000001008000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-08-4k-docs.googleusercontent.com/ |
Source: RegAsm.exe, 00000018.00000002.6253487023.0000000001071000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-4k-docs.googleusercontent.com/%%doc-08-4k-docs.googleusercontent.com |
Source: RegAsm.exe, 00000018.00000003.2375703066.0000000001052000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-4k-docs.googleusercontent.com/A |
Source: RegAsm.exe, 00000018.00000003.2375703066.0000000001052000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-4k-docs.googleusercontent.com/L |
Source: RegAsm.exe, 00000018.00000003.2090010661.0000000001095000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-08-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3ec96pm2 |
Source: RegAsm.exe, 00000018.00000002.6251289990.0000000001025000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: RegAsm.exe, 00000018.00000002.6251289990.0000000001025000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/M( |
Source: RegAsm.exe, 00000018.00000002.6251289990.0000000001025000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6249062375.0000000000DD0000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1fuTtg-3dZntlAsxF1yPdYhIzZ_wio3sJ |
Source: RegAsm.exe, 00000018.00000002.6251289990.0000000001025000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1fuTtg-3dZntlAsxF1yPdYhIzZ_wio3sJ4&/ |
Source: RegAsm.exe, 00000018.00000003.2085376210.0000000001095000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1fuTtg-3dZntlAsxF1yPdYhIzZ_wio3sJTad-woJtmtPfZ2CsQ |
Source: RegAsm.exe, 00000018.00000002.6271466911.000000001DD7C000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app |
Source: RegAsm.exe, 00000018.00000002.6271466911.000000001DD7C000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/ |
Source: RegAsm.exe, 00000018.00000002.6271466911.000000001DD7C000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/102.129.143.96 |
Source: RegAsm.exe, 00000018.00000002.6272163007.000000001DDE1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/ |
Source: RegAsm.exe, 00000018.00000002.6272163007.000000001DDE1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com// |
Source: RegAsm.exe, 00000018.00000002.6272163007.000000001DDE1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: RegAsm.exe, 00000018.00000002.6272163007.000000001DDE1000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/v104 |
Source: RegAsm.exe, 00000018.00000002.6272576739.000000001DE08000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00401868 |
0_2_00401868 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_0040228E |
0_2_0040228E |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00403253 |
0_2_00403253 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_0040346F |
0_2_0040346F |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00403612 |
0_2_00403612 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004032D9 |
0_2_004032D9 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004034FC |
0_2_004034FC |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00403353 |
0_2_00403353 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004033E4 |
0_2_004033E4 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00403583 |
0_2_00403583 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004031B3 |
0_2_004031B3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0CCC8 |
24_2_00A0CCC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0F838 |
24_2_00A0F838 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0C418 |
24_2_00A0C418 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0C870 |
24_2_00A0C870 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D9D0 |
24_2_00A0D9D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D120 |
24_2_00A0D120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D578 |
24_2_00A0D578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0E280 |
24_2_00A0E280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0E6D8 |
24_2_00A0E6D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0DE28 |
24_2_00A0DE28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A02208 |
24_2_00A02208 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0EF88 |
24_2_00A0EF88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A097E0 |
24_2_00A097E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0F3E0 |
24_2_00A0F3E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A06728 |
24_2_00A06728 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0EB30 |
24_2_00A0EB30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0CCB8 |
24_2_00A0CCB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0F828 |
24_2_00A0F828 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0C408 |
24_2_00A0C408 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0C86C |
24_2_00A0C86C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A05D80 |
24_2_00A05D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A021FA |
24_2_00A021FA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D9C0 |
24_2_00A0D9C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A05923 |
24_2_00A05923 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D111 |
24_2_00A0D111 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0D569 |
24_2_00A0D569 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A05D70 |
24_2_00A05D70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0E6C8 |
24_2_00A0E6C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0BA30 |
24_2_00A0BA30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0DE18 |
24_2_00A0DE18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0E271 |
24_2_00A0E271 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A097CF |
24_2_00A097CF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0F3DC |
24_2_00A0F3DC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0EB21 |
24_2_00A0EB21 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_00A0EF79 |
24_2_00A0EF79 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABEDF0 |
24_2_1DABEDF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DAB2F0A |
24_2_1DAB2F0A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABCE48 |
24_2_1DABCE48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABE990 |
24_2_1DABE990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABD9D1 |
24_2_1DABD9D1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABFB11 |
24_2_1DABFB11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DAB5A68 |
24_2_1DAB5A68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DAB4440 |
24_2_1DAB4440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABF6B0 |
24_2_1DABF6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DAB9148 |
24_2_1DAB9148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DAB6090 |
24_2_1DAB6090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABE2D0 |
24_2_1DABE2D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABF252 |
24_2_1DABF252 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABC368 |
24_2_1DABC368 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABC357 |
24_2_1DABC357 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 24_2_1DABE2C1 |
24_2_1DABE2C1 |
Source: unknown |
Process created: C:\Users\user\Desktop\Statement of Account.exe 'C:\Users\user\Desktop\Statement of Account.exe' |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Statement of Account.exe' |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Statement of Account.exe' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown |
Process created: C:\Windows\System32\oobe\UserOOBEBroker.exe C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_00403F55 push 00000043h; ret |
0_2_00403F65 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004021A3 push FFFFFFC6h; retf |
0_2_00402213 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_004067B9 push eax; retf |
0_2_004067BA |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02273C40 push esi; iretd |
0_2_02273C41 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02270EF6 push BA9255A5h; ret |
0_2_02270F1A |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_022728FC pushfd ; ret |
0_2_02272908 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02270F14 push BA9255A5h; ret |
0_2_02270F1A |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02273362 push cs; ret |
0_2_02273364 |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02272B4E push ss; retf |
0_2_02272B5B |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_02272DCD push cs; iretd |
0_2_02272DCE |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Code function: 0_2_022733C8 pushfd ; ret |
0_2_022733CE |
Source: C:\Users\user\Desktop\Statement of Account.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Statement of Account.exe, 00000000.00000002.2113295869.0000000002250000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: RegAsm.exe, 00000018.00000002.6249062375.0000000000DD0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1FUTTG-3DZNTLASXF1YPDYHIZZ_WIO3SJ |
Source: Statement of Account.exe, 00000000.00000002.2113295869.0000000002250000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6249062375.0000000000DD0000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: RegAsm.exe, 00000018.00000002.6253487023.0000000001071000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAWr |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: RegAsm.exe, 00000018.00000002.6252181166.0000000001044000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Statement of Account.exe, 00000000.00000002.2113295869.0000000002250000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6249062375.0000000000DD0000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: Statement of Account.exe, 00000000.00000002.2115655986.00000000047E9000.00000004.00000001.sdmp, RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: RegAsm.exe, 00000018.00000002.6249062375.0000000000DD0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1fuTtg-3dZntlAsxF1yPdYhIzZ_wio3sJ |
Source: RegAsm.exe, 00000018.00000002.6259539554.00000000028E9000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
Source: Statement of Account.exe, 00000000.00000002.2113295869.0000000002250000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: RegAsm.exe, 00000018.00000002.6257959378.0000000001490000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000021.00000002.6248640820.0000017B942B0000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: RegAsm.exe, 00000018.00000002.6257959378.0000000001490000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000021.00000002.6248640820.0000017B942B0000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: RegAsm.exe, 00000018.00000002.6257959378.0000000001490000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000021.00000002.6248640820.0000017B942B0000.00000002.00020000.sdmp |
Binary or memory string: BProgram Manager=j |
Source: RegAsm.exe, 00000018.00000002.6257959378.0000000001490000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000021.00000002.6248640820.0000017B942B0000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |