Source: 16.2.RegAsm.exe.400000.0.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 16.0.RegAsm.exe.400000.10.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 16.0.RegAsm.exe.400000.6.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 16.0.RegAsm.exe.400000.12.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 16.0.RegAsm.exe.400000.8.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 16.0.RegAsm.exe.400000.4.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.6.unpack, type: UNPACKEDPE |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ZPEHvd.com |
Source: o.dll.0.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: o.dll.0.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: o.dll.0.dr |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: o.dll.0.dr |
String found in binary or memory: http://s2.symcb.com0 |
Source: o.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: o.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: o.dll.0.dr |
String found in binary or memory: http://sv.symcd.com0& |
Source: o.dll.0.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: o.dll.0.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: o.dll.0.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: o.dll.0.dr |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: o.dll.0.dr |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: RegAsm.exe, 00000010.00000000.425108271.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot1160330796:AAF3SAwgW-OTi9M5kDhSZUlENwhKRvFOWe8/ |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot1160330796:AAF3SAwgW-OTi9M5kDhSZUlENwhKRvFOWe8/sendDocumentdocument----- |
Source: o.dll.0.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: o.dll.0.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: RegAsm.exe, 00000010.00000000.425108271.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegAsm.exe, 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 16.0.RegAsm.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 16.0.RegAsm.exe.400000.10.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 16.0.RegAsm.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 16.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 16.0.RegAsm.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 16.0.RegAsm.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: Process Memory Space: RegAsm.exe PID: 5680, type: MEMORYSTR |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 63.exe, owjkr/vpvao.cs |
Large array initialization: .cctor: array initializer size 132624 |
Source: 0.0.63.exe.7c0000.0.unpack, owjkr/vpvao.cs |
Large array initialization: .cctor: array initializer size 132624 |
Source: 16.2.RegAsm.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bD9E03315u002dB701u002d40B2u002dA9AAu002d216CD680177Fu007d/u003874ABDA0u002dAC0Cu002d4641u002dA022u002d803F71CBA88B.cs |
Large array initialization: .cctor: array initializer size 11839 |
Source: 16.0.RegAsm.exe.400000.10.unpack, u003cPrivateImplementationDetailsu003eu007bD9E03315u002dB701u002d40B2u002dA9AAu002d216CD680177Fu007d/u003874ABDA0u002dAC0Cu002d4641u002dA022u002d803F71CBA88B.cs |
Large array initialization: .cctor: array initializer size 11839 |
Source: 16.0.RegAsm.exe.400000.6.unpack, u003cPrivateImplementationDetailsu003eu007bD9E03315u002dB701u002d40B2u002dA9AAu002d216CD680177Fu007d/u003874ABDA0u002dAC0Cu002d4641u002dA022u002d803F71CBA88B.cs |
Large array initialization: .cctor: array initializer size 11839 |
Source: 16.0.RegAsm.exe.400000.12.unpack, u003cPrivateImplementationDetailsu003eu007bD9E03315u002dB701u002d40B2u002dA9AAu002d216CD680177Fu007d/u003874ABDA0u002dAC0Cu002d4641u002dA022u002d803F71CBA88B.cs |
Large array initialization: .cctor: array initializer size 11839 |
Source: 16.0.RegAsm.exe.400000.8.unpack, u003cPrivateImplementationDetailsu003eu007bD9E03315u002dB701u002d40B2u002dA9AAu002d216CD680177Fu007d/u003874ABDA0u002dAC0Cu002d4641u002dA022u002d803F71CBA88B.cs |
Large array initialization: .cctor: array initializer size 11839 |
Source: 16.0.RegAsm.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 16.0.RegAsm.exe.400000.10.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 16.0.RegAsm.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 16.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 16.0.RegAsm.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 16.0.RegAsm.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: Process Memory Space: RegAsm.exe PID: 5680, type: MEMORYSTR |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_00953DFE |
16_2_00953DFE |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_010B46E0 |
16_2_010B46E0 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_010B4610 |
16_2_010B4610 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_010B46B0 |
16_2_010B46B0 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_010BD1A0 |
16_2_010BD1A0 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE6508 |
16_2_05EE6508 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE8CD8 |
16_2_05EE8CD8 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE7120 |
16_2_05EE7120 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE6850 |
16_2_05EE6850 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2204 |
16_2_05EE2204 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2194 |
16_2_05EE2194 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2258 |
16_2_05EE2258 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2224 |
16_2_05EE2224 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2234 |
16_2_05EE2234 |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Code function: 16_2_05EE2202 |
16_2_05EE2202 |
Source: 63.exe, uhvtn/ruypt.cs |
Cryptographic APIs: 'TransformBlock' |
Source: 63.exe, muhbh/lnibr.cs |
Cryptographic APIs: 'TransformBlock' |
Source: 63.exe, qgfei/supzt.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.0.63.exe.7c0000.0.unpack, muhbh/lnibr.cs |
Cryptographic APIs: 'TransformBlock' |
Source: 0.0.63.exe.7c0000.0.unpack, qgfei/supzt.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.0.63.exe.7c0000.0.unpack, uhvtn/ruypt.cs |
Cryptographic APIs: 'TransformBlock' |
Source: 16.2.RegAsm.exe.400000.0.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 16.2.RegAsm.exe.400000.0.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 16.0.RegAsm.exe.400000.10.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 16.0.RegAsm.exe.400000.10.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Queries volume information: C:\Users\user\Desktop\63.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\63.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\RegAsm.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000010.00000000.425108271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.424683140.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.424295986.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000002.529314857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.423853193.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RegAsm.exe PID: 5680, type: MEMORYSTR |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.RegAsm.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000010.00000000.425108271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.424683140.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.424295986.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000002.529314857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.423853193.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000002.531353991.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RegAsm.exe PID: 5680, type: MEMORYSTR |