Source: millyscroqwp.shop | Avira URL Cloud: Label: malware |
Source: stamppreewntnq.shop | Avira URL Cloud: Label: phishing |
Source: condedqpwqm.shop | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/ | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/apiv | Avira URL Cloud: Label: phishing |
Source: caffegclasiqwp.shop | Avira URL Cloud: Label: malware |
Source: froytnewqowv.shop | Avira URL Cloud: Label: phishing |
Source: https://froytnewqowv.shop/api | Avira URL Cloud: Label: malware |
Source: locatedblsoqp.shop | Avira URL Cloud: Label: phishing |
Source: stagedchheiqwo.shop | Avira URL Cloud: Label: phishing |
Source: traineiwnqo.shop | Avira URL Cloud: Label: malware |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: caffegclasiqwp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: stamppreewntnq.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: stagedchheiqwo.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: millyscroqwp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: evoliutwoqm.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: condedqpwqm.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: traineiwnqo.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: locatedblsoqp.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: froytnewqowv.shop |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: TeslaBrowser/5.5 |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: - Screen Resoluton: |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: - Physical Installed Memory: |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: Workgroup: - |
Source: 2.2.RegAsm.exe.400000.0.unpack | String decryptor: 1AsNN2--pp1337 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] | 2_2_00433065 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [edi+edx+09h], 00000000h | 2_2_0042E6A2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0040F076 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_004350C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then lea ecx, dword ptr [edx+edx*4] | 2_2_004098D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx esi, word ptr [ecx] | 2_2_004190D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_004208D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0041B0F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp+08h] | 2_2_0041B0F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov esi, dword ptr [esp+3Ch] | 2_2_0041B0F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 2_2_00419140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 2_2_00436140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 2_2_00404110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00420110 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx eax, word ptr [ebx] | 2_2_004369D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp edx | 2_2_0041A1D7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp edx | 2_2_0041A1E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_004149A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_004149A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_004149A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+1Ch] | 2_2_0041DA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp+04h] | 2_2_0041DA60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [esi], al | 2_2_0041DA60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+10h] | 2_2_0040F277 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0041B280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp+08h] | 2_2_0041B280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_0042A340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_00432300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp ecx | 2_2_00434B0F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00434B0F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then add ebx, dword ptr [esp+10h] | 2_2_00421320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_0041A3C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+10h] | 2_2_00410BEB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 2_2_004033F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 84AA3BD1h | 2_2_004363F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_004193A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp eax, 03h | 2_2_00404460 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_004144C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp ecx | 2_2_00434CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00434CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then movzx ecx, word ptr [esi+eax] | 2_2_004304B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 2_2_00413540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp ecx | 2_2_0042ED70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_0040BD2D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+1Ch] | 2_2_0041DA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp word ptr [edi+esi+02h], 0000h | 2_2_00415DA4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 2_2_00420E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 2_2_0041EE7E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+10h] | 2_2_00412E3B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp+54h] | 2_2_0041F6D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp ecx | 2_2_00434EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00434EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then cmp byte ptr [esi], 00000000h | 2_2_00419E8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 2_2_00419E8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_0041FEA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov dword ptr [esi+08h], ecx | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov ecx, dword ptr [esi+000000D8h] | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+000000D8h] | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edi], bl | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov byte ptr [edx], al | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov edx, dword ptr [esi+10h] | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+10h] | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esi+3Ch] | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then jmp eax | 2_2_00434FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov esi, ecx | 2_2_00411F94 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 2_2_00435FA0 |
Source: C:\Users\user\Desktop\NewInst.exe | Code function: 0_2_021B0B20 | 0_2_021B0B20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042F000 | 2_2_0042F000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040C9A2 | 2_2_0040C9A2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00433D5A | 2_2_00433D5A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042E6A2 | 2_2_0042E6A2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040F076 | 2_2_0040F076 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041401B | 2_2_0041401B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004350C0 | 2_2_004350C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004098D0 | 2_2_004098D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004118E2 | 2_2_004118E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041B0F0 | 2_2_0041B0F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0042D910 | 2_2_0042D910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004369D0 | 2_2_004369D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004149A0 | 2_2_004149A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041DA40 | 2_2_0041DA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041DA60 | 2_2_0041DA60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00407A20 | 2_2_00407A20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00406230 | 2_2_00406230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00408AC0 | 2_2_00408AC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041B280 | 2_2_0041B280 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00434B0F | 2_2_00434B0F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041A3C9 | 2_2_0041A3C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00410BEB | 2_2_00410BEB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004363F0 | 2_2_004363F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00407390 | 2_2_00407390 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041F440 | 2_2_0041F440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00404460 | 2_2_00404460 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040D410 | 2_2_0040D410 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00434CD0 | 2_2_00434CD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004324E0 | 2_2_004324E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00402540 | 2_2_00402540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00434563 | 2_2_00434563 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040BD2D | 2_2_0040BD2D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00411DC3 | 2_2_00411DC3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041D5E0 | 2_2_0041D5E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041CD90 | 2_2_0041CD90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041DA40 | 2_2_0041DA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041EE7E | 2_2_0041EE7E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00406ED0 | 2_2_00406ED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004356D4 | 2_2_004356D4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004366E0 | 2_2_004366E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00434EE0 | 2_2_00434EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00404E80 | 2_2_00404E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00419E8F | 2_2_00419E8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040EEA4 | 2_2_0040EEA4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041275E | 2_2_0041275E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00403F60 | 2_2_00403F60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00423FC0 | 2_2_00423FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00434FE0 | 2_2_00434FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00411F94 | 2_2_00411F94 |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043C808 push eax; retf 0041h | 2_2_0043C809 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043E828 push 4E0042BBh; retf | 2_2_0043E82D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043C89E push eax; retf 0041h | 2_2_0043C8AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004270A2 push eax; mov dword ptr [esp], eax | 2_2_00427076 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043ABDC push edi; retf 0040h | 2_2_0043ABDD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043ABE0 push eax; retf 0040h | 2_2_0043ABF5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043AC08 push eax; retf | 2_2_0043AC09 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043ADE8 push esi; retf | 2_2_0043ADE9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043E69C pushad ; iretd | 2_2_0043E69D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043C750 push eax; retf 0041h | 2_2_0043C751 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0043C754 push eax; retf 0041h | 2_2_0043C755 |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\NewInst.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.5.dr | Binary or memory string: VMware |
Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.5.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.5.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.5.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.5.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: RegAsm.exe, 00000002.00000002.1940966413.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1940966413.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1940966413.0000000000A70000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.5.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.5.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.5.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.5.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.5.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.5.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.5.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.5.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.5.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.5.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.5.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.5.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.5.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.5.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.5.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\NewInst.exe | Code function: 0_2_023A2499 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, | 0_2_023A2499 |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: caffegclasiqwp.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: stamppreewntnq.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: stagedchheiqwo.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: millyscroqwp.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: evoliutwoqm.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: condedqpwqm.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: traineiwnqo.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: locatedblsoqp.shop |
Source: NewInst.exe, 00000000.00000002.1667750554.00000000033A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: froytnewqowv.shop |