Source: RegAsm.exe, 0000001A.00000002.5633190528.000000001DCC1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: RegAsm.exe, 0000001A.00000002.5633190528.000000001DCC1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: RegAsm.exe, 0000001A.00000002.5633190528.000000001DCC1000.00000004.00000001.sdmp | String found in binary or memory: http://Hpdghc.com
Source: RegAsm.exe, 0000001A.00000002.5642251197.000000001FF46000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: RegAsm.exe, 0000001A.00000003.972127154.0000000001086000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RegAsm.exe, 0000001A.00000002.5642251197.000000001FF46000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: RegAsm.exe, 0000001A.00000002.5635743077.000000001DDE5000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: RegAsm.exe, 0000001A.00000003.972127154.0000000001086000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RegAsm.exe, 0000001A.00000002.5635743077.000000001DDE5000.00000004.00000001.sdmp | String found in binary or memory: http://csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000001A.00000002.5635743077.000000001DDE5000.00000004.00000001.sdmp | String found in binary or memory: http://mail.csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000001A.00000002.5642251197.000000001FF46000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: RegAsm.exe, 0000001A.00000003.972127154.0000000001086000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000003.977239633.0000000001084000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: RegAsm.exe, 0000001A.00000003.972558924.0000000001081000.00000004.00000001.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/
Source: RegAsm.exe, 0000001A.00000003.977239633.0000000001084000.00000004.00000001.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/5
Source: RegAsm.exe, 0000001A.00000003.972558924.0000000001081000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000003.977239633.0000000001084000.00000004.00000001.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/p9irpuq1
Source: RegAsm.exe, 0000001A.00000002.5614964275.0000000001040000.00000004.00000020.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/ij7
Source: RegAsm.exe, 0000001A.00000002.5614964275.0000000001040000.00000004.00000020.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/qi;
Source: RegAsm.exe, 0000001A.00000003.972558924.0000000001081000.00000004.00000001.sdmp | String found in binary or memory: https://doc-04-9g-docs.googleusercontent.com/tography
Source: RegAsm.exe, 0000001A.00000002.5613874054.0000000000FF8000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 0000001A.00000003.972558924.0000000001081000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5613195333.0000000000EA0000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1kFeDtVEJdXDeWXxKM0sf_SDs1MXR4dov
Source: RegAsm.exe, 0000001A.00000003.972558924.0000000001081000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1kFeDtVEJdXDeWXxKM0sf_SDs1MXR4dov90yJjkpGPPugIoOr0
Source: RegAsm.exe, 0000001A.00000002.5633190528.000000001DCC1000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000003.1894514695.0000000000ED1000.00000004.00000001.sdmp | String found in binary or memory: https://jRW95HZ6DAQuQZac.org
Source: RegAsm.exe, 0000001A.00000002.5635743077.000000001DDE5000.00000004.00000001.sdmp | String found in binary or memory: https://sectigo.com/CPS0
Source: RegAsm.exe, 0000001A.00000002.5633190528.000000001DCC1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00401679
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_0040162C
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_0040143D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00931130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0093BA18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00933A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00934320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00939570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0093C778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00933708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00946AC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_00940890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01159168
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0115CCA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01155CE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0115C728
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01154E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0115E498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0115E0C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01151640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_011699A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_011669A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0116DB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_0116C7D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01164EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01163330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_1DAF5E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_1DAF4ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_1DAF5E03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_1DAF6AFB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01166A61
Source: unknown | Process created: C:\Users\user\Desktop\Delivery note_241493.exe 'C:\Users\user\Desktop\Delivery note_241493.exe'
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Delivery note_241493.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00405C5C push edx; retf 0_2_00405C6F
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00405E5F push esp; ret 0_2_00405E60
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00406809 pushad ; iretd 0_2_0040681A
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00405A23 push cs; iretd 0_2_00405ADA
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_004038B9 push 4EA9091Fh; iretd 0_2_004038BE
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00405376 pushad ; retf 0_2_004053D4
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00405376 push esi; ret 0_2_004054C4
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_00406915 push edi; iretd 0_2_00406917
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_004053D5 push esi; ret 0_2_004054C4
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A1E7E push ds; iretd 0_2_023A1E7F
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A084B push es; ret 0_2_023A0854
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A1AD7 push es; ret 0_2_023A1AD8
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A0ED4 push cs; retf 0_2_023A0ED7
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A1737 push es; ret 0_2_023A1738
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A317F push esp; iretw 0_2_023A3180
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A2B99 push ebp; retf 0_2_023A2B9A
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A1790 push eax; iretd 0_2_023A1792
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A3B90 push esi; retf 0_2_023A3B9E
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A27D0 push es; ret 0_2_023A27D8
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Code function: 0_2_023A0BD5 push es; ret 0_2_023A0BD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 26_2_01162177 push edi; retn 0000h 26_2_01162179
Source: C:\Users\user\Desktop\Delivery note_241493.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: RegAsm.exe, 0000001A.00000002.5613195333.0000000000EA0000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1KFEDTVEJDXDEWXXKM0SF_SDS1MXR4DOV
Source: Delivery note_241493.exe, 00000000.00000002.1001486270.0000000002C50000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5613195333.0000000000EA0000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Delivery note_241493.exe, 00000000.00000002.1000194791.00000000007A4000.00000004.00000020.sdmp | Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Delivery note_241493.exe, 00000000.00000002.1001486270.0000000002C50000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service
Source: RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: vmicvss
Source: Delivery note_241493.exe, 00000000.00000002.1001486270.0000000002C50000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
Source: RegAsm.exe, 0000001A.00000002.5614709541.000000000102E000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000001A.00000002.5613195333.0000000000EA0000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1kFeDtVEJdXDeWXxKM0sf_SDs1MXR4dov
Source: RegAsm.exe, 0000001A.00000002.5615895453.0000000001070000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWj
Source: Delivery note_241493.exe, 00000000.00000002.1001486270.0000000002C50000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5613195333.0000000000EA0000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service
Source: Delivery note_241493.exe, 00000000.00000002.1002888810.0000000004C89000.00000004.00000001.sdmp, RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface
Source: Delivery note_241493.exe, 00000000.00000002.1000194791.00000000007A4000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 0000001A.00000002.5623371409.0000000002A49000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat
Source: RegAsm.exe, 0000001A.00000002.5621609275.00000000015F0000.00000002.00020000.sdmp | Binary or memory string: Program Manager
Source: RegAsm.exe, 0000001A.00000002.5621609275.00000000015F0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: RegAsm.exe, 0000001A.00000002.5621609275.00000000015F0000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: RegAsm.exe, 0000001A.00000002.5621609275.00000000015F0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation