Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5640613473.000000001DE54000.00000004.00000001.sdmp |
String found in binary or memory: http://L3TFBaO3nLwUP4KRw.com |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: http://L3TFBaO3nLwUP4KRw.comt- |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: http://aSuCYu.com |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 0000001B.00000002.5646495418.000000001FF1B000.00000004.00000001.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: RegAsm.exe, 0000001B.00000002.5646495418.000000001FF1B000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.27.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.tccinfaes.com |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0) |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 0000001B.00000002.5640852632.000000001DE6C000.00000004.00000001.sdmp |
String found in binary or memory: http://tccinfaes.com |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp, 2D85F72862B55C4EADD9E66E06947F3D.27.dr |
String found in binary or memory: http://x1.i.lencr.org/ |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/ |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/qc1fdhq8 |
Source: RegAsm.exe, 0000001B.00000002.5623907420.00000000010C0000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-04-ak-docs.googleusercontent.com/q |
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/(& |
Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe |
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSed |
Source: RegAsm.exe, 0000001B.00000003.1147991565.0000000001100000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSezw3D3zbFqIK2JnI8U |
Source: RegAsm.exe, 0000001B.00000002.5640184321.000000001DDFE000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/ |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com// |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/v104 |
Source: RegAsm.exe, 0000001B.00000002.5640184321.000000001DDFE000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: RegAsm.exe, 0000001B.00000002.5639470864.000000001DD61000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
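The URL strings above mix three things an analyst has to separate by hand: certificate-validation and Windows Update traffic that any .NET process produces, a Google Drive direct-download link that appears three times with different residue glued to the file id, and a handful of hosts worth a second look. The following script is an added example, not part of the sandbox report: it parses rows in the report's own "String found in binary or memory" shape, buckets the hosts, and recovers the Drive file id from the damaged copies. The allow-list of PKI domains and the bucket names are this example's assumptions.

```python
"""Triage the URL strings a sandbox pulled from process memory.

Added example, not part of the sandbox report. The rows below are copied from
the report; the PKI allow-list and the bucket names are this example's own
assumptions, meant for triage rather than enforcement.
"""
from __future__ import annotations

import os
import re

# Rows constructed from the report above. Trailing characters such as "0",
# "t-" and "d" are memory residue the string scanner appended to the URL.
REPORT_ROWS = """\
String found in binary or memory: http://127.0.0.1:HTTP/1.1
String found in binary or memory: http://DynDns.comDynDNS
String found in binary or memory: http://L3TFBaO3nLwUP4KRw.comt-
String found in binary or memory: http://cps.letsencrypt.org0
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
String found in binary or memory: http://r3.o.lencr.org0
String found in binary or memory: http://mail.tccinfaes.com
String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSed
String found in binary or memory: https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSezw3D3zbFqIK2JnI8U
String found in binary or memory: https://login.live.com/https://login.live.com/
"""

# Registered domains of CRL, OCSP, AIA and root-CTL endpoints that a WinINet or
# .NET process touches while validating a TLS chain (assumed benign).
PKI_INFRA = ("lencr.org", "letsencrypt.org", "comodoca.com",
             "globalsign.net", "windowsupdate.com")

ROW_RE = re.compile(r"String found in binary or memory:\s*(\S+)")
HOST_RE = re.compile(r"^https?://([^/:?#]+)", re.IGNORECASE)
DRIVE_ID_RE = re.compile(r"[?&]id=([A-Za-z0-9_-]+)")


def extract_urls(report_text: str) -> list[str]:
    """Pull the raw URL out of each 'String found in binary or memory' row."""
    return [m.group(1) for m in map(ROW_RE.search, report_text.splitlines()) if m]


def host_of(url: str) -> str:
    """Lower-cased host; residue glued to the host is kept so it stays visible."""
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def _under_domain(host: str, domain: str) -> bool:
    # Dot-bounded substring rather than an exact suffix match, so residue such
    # as "lencr.org0" still hits. Fine for triage, too loose for blocking: it
    # would also accept "lencr.org.attacker.example".
    return re.search(r"(^|\.)" + re.escape(domain), host) is not None


def classify(url: str) -> str:
    """Bucket one URL so the interesting hosts are read first."""
    host = host_of(url)
    if host in ("127.0.0.1", "localhost"):
        return "loopback"
    if any(_under_domain(host, d) for d in PKI_INFRA):
        return "pki-infra"       # noise from certificate validation
    if host.endswith("drive.google.com") and "export=download" in url:
        return "payload-stage"   # direct-download link to a hosted file
    if "dyndns" in host:
        return "dynamic-dns"     # dynamic DNS, common for RAT C2
    return "review"


def triage(report_text: str) -> dict[str, list[str]]:
    """Map each bucket to the sorted, de-duplicated hosts that landed in it."""
    buckets: dict[str, set[str]] = {}
    for url in extract_urls(report_text):
        buckets.setdefault(classify(url), set()).add(host_of(url))
    return {k: sorted(v) for k, v in buckets.items()}


def drive_file_id(report_text: str) -> str:
    """Recover the Drive file id from several residue-damaged copies.

    The copies differ only in what follows the real id, so the longest common
    prefix of the observed values is the best estimate of the id itself.
    """
    ids = []
    for url in extract_urls(report_text):
        m = DRIVE_ID_RE.search(url)
        if m:
            ids.append(m.group(1))
    return os.path.commonprefix(ids) if ids else ""


if __name__ == "__main__":
    for bucket, hosts in triage(REPORT_ROWS).items():
        print(f"{bucket:14s} {', '.join(hosts)}")
    print("drive file id:", drive_file_id(REPORT_ROWS))
```

The "pki-infra" bucket is where most of the rows end up, which is the point: lencr.org, comodoca.com and ctldl.windowsupdate.com are not the sample's infrastructure, and hunting on them produces nothing but noise. The Drive link, the DynDNS reference and the unexplained hosts are what go into the IOC list, with the recovered file id rather than any one damaged copy.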
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_004016F4 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_00401741 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_00401505 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C41130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C43A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4BA70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C44320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4C7D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C43708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00CA08F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00CA6EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00D0BEE1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00D0BFBB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139DC28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_013997F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139D7D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139BE50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_013942F3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_013944F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_01397E00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014AF9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014A0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014A6068 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014AE7A4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014AAA68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014A7228 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_014A721F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_1DCE5E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_1DCE4ACC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_1DCE5D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_1DCE6AF1 |
Source: unknown |
Process created: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe' |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_00404871 pushfd ; ret |
0_2_00404883 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_00404A8E push ebx; iretd |
0_2_00404A5D |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_00403901 push FFFFFF9Dh; ret |
0_2_00403903 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB26AD push es; ret |
0_2_02AB26B0 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB64B8 push es; ret |
0_2_02AB6510 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB64B5 push es; ret |
0_2_02AB6510 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB2E8D push 0000002Ah; ret |
0_2_02AB2E8F |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB429C push edi; retf |
0_2_02AB42A0 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB6428 push es; ret |
0_2_02AB6510 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB5A21 push FFFFFF83h; retf |
0_2_02AB5A30 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB6503 push es; ret |
0_2_02AB6510 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB511D push esp; ret |
0_2_02AB5124 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Code function: 0_2_02AB2B4C push ebx; retf |
0_2_02AB2B53 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4E5D8 push ds; iretd |
27_2_00C4E6E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4E5C8 push ds; iretd |
27_2_00C4E5CA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4C6C1 push es; iretd |
27_2_00C4C6C2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4C7C8 push es; iretd |
27_2_00C4C7CA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00C4D780 push ss; iretd |
27_2_00C4D782 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_00CA1A20 push ds; ret |
27_2_00CA1B1F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139D7D0 pushfd ; iretd |
27_2_0139DB7A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139DB80 pushfd ; iretd |
27_2_0139DB82 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139DBD0 pushfd ; iretd |
27_2_0139DBD2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_01396A90 push edx; iretd |
27_2_01396A92 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_01396A89 push esp; iretd |
27_2_01396A8A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_0139F2C1 push E9200622h; ret |
27_2_0139F2C6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 27_2_01397C88 pushad ; iretd |
27_2_01397C89 |
Source: C:\Users\user\Desktop\Fra FAC-ES101-2107-03806.doc.exe |
Process information set: NOOPENFILEERRORBOX (3 identical entries) |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX (68 identical entries) |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1SPPHH_DRSUT3UES4UDZECLKCI9PQFISE |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: RegAsm.exe, 0000001B.00000002.5623186100.000000000107A000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW |
Source: RegAsm.exe, 0000001B.00000002.5624448951.00000000010EF000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAWf |
Source: RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1sPphH_DrSUT3UeS4UDzeclKCi9pqFiSe |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
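The virtualization strings above fingerprint two hypervisors: the QEMU guest agent by its two install paths, and Hyper-V by the short names and display names of its integration services. Which process held each string also matters. The guest-agent path and the Hyper-V display names appear both in the dropper's heap (region 02AD0000 / 04C19000 of PID 0) and in RegAsm.exe (PID 0x1B = 27, the same "27" that prefixes the RegAsm.exe code-function rows), while the vmic* service names are seen only in RegAsm.exe. The script below is an added example, not part of the sandbox report: it parses rows in the report's own two-line "Source: / Binary or memory string:" shape, groups the artifacts by hypervisor, and computes which strings are shared between the two processes. The reading of the dump-file name (first field the PID in hex, fourth field the region base) is an assumption supported only by that 0x1B = 27 correspondence; the rows are copied from the report.

```python
"""Group the report's anti-VM strings by hypervisor and by holding process.

Added example, not part of the sandbox report. Rows are copied from the
report; the dump-file field layout (PID, ..., region base) is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

DROPPER = "Fra FAC-ES101-2107-03806.doc.exe"

# Two-line rows copied from the report above.
REPORT = r"""
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1175805374.0000000002AD0000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5622662843.0000000000EF0000.00000004.00000001.sdmp
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp
Binary or memory string: Hyper-V Guest Shutdown Service
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp
Binary or memory string: vmicshutdown
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp
Binary or memory string: vmicvss
Source: RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp
Binary or memory string: vmicheartbeat
Source: Fra FAC-ES101-2107-03806.doc.exe, 00000000.00000002.1177269866.0000000004C19000.00000004.00000001.sdmp, RegAsm.exe, 0000001B.00000002.5630792884.0000000002B49000.00000004.00000001.sdmp
Binary or memory string: Hyper-V Heartbeat Service
"""

QEMU_AGENT_PATHS = {r"c:\program files\qemu-ga\qemu-ga.exe",
                    r"c:\program files\qga\qga.exe"}

# PID.stage.<decimal>.BASE.<...>.sdmp  (field meaning assumed, see lead-in)
DUMP_RE = re.compile(r"([0-9A-F]{8})\.[0-9A-F]{8}\.\d+\.([0-9A-F]{16})\.", re.I)


@dataclass
class Artifact:
    value: str
    hypervisor: str
    kind: str
    seen_in: dict = field(default_factory=dict)   # process -> [(pid, base), ...]


def classify(value: str) -> tuple[str, str]:
    v = value.lower()
    if v in QEMU_AGENT_PATHS:
        return "qemu", "guest-agent path"
    if v.startswith("vmic"):
        return "hyper-v", "integration service name"
    if v.startswith("hyper-v "):
        return "hyper-v", "integration service display name"
    return "unknown", "unclassified"


def parse_sources(src: str) -> dict:
    """'proc, dump, proc, dump' -> {proc: [(pid, base), ...]}."""
    out: dict = {}
    proc = None
    for token in (t.strip() for t in src.split(",")):
        m = DUMP_RE.match(token)
        if m and proc is not None:
            out[proc].append((int(m.group(1), 16), int(m.group(2), 16)))
        elif not m:
            proc = token
            out.setdefault(proc, [])
    return out


def parse_report(text: str) -> list[Artifact]:
    artifacts, src = [], None
    for line in text.splitlines():
        if line.startswith("Source:"):
            src = line[len("Source:"):]
        elif line.startswith("Binary or memory string:") and src is not None:
            value = line.split(":", 1)[1].strip()
            hv, kind = classify(value)
            artifacts.append(Artifact(value, hv, kind, parse_sources(src)))
            src = None
    return artifacts


def by_hypervisor(artifacts: list[Artifact]) -> dict[str, list[str]]:
    out: dict[str, list[str]] = {}
    for a in artifacts:
        out.setdefault(a.hypervisor, []).append(a.value)
    return {k: sorted(v) for k, v in out.items()}


def shared_between(artifacts: list[Artifact], proc_a: str, proc_b: str) -> list[str]:
    """Strings found in both processes' memory."""
    return sorted(a.value for a in artifacts
                  if proc_a in a.seen_in and proc_b in a.seen_in)


def only_in(artifacts: list[Artifact], proc: str) -> list[str]:
    return sorted(a.value for a in artifacts if list(a.seen_in) == [proc])


def pids(artifacts: list[Artifact]) -> dict[str, set[int]]:
    out: dict[str, set[int]] = {}
    for a in artifacts:
        for proc, regions in a.seen_in.items():
            out.setdefault(proc, set()).update(pid for pid, _ in regions)
    return out


if __name__ == "__main__":
    arts = parse_report(REPORT)
    print(by_hypervisor(arts))
    print("in both:", shared_between(arts, DROPPER, "RegAsm.exe"))
    print("RegAsm only:", only_in(arts, "RegAsm.exe"))
```

Two uses follow from the output. For the analysis environment: the sandbox that produced this report should not have qemu-ga.exe or qga.exe under Program Files, nor services whose name starts with vmic or whose display name starts with "Hyper-V", or a sample carrying these strings has an easy exit. For the analysis itself: strings present in both the dropper's heap and RegAsm.exe are consistent with the payload being unpacked inside the dropper and then written into RegAsm.exe, which is where to look for the full decrypted module.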
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation (3 identical entries) |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |