Malware Analysis Report

2025-01-18 02:38

Sample ID 220205-massvaaedj
Target c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f
SHA256 c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f
Tags
hawkeye_reborn m00nd3v_logger collection keylogger spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f

Threat Level: Known bad

The file c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f was found to be: Known bad.

Malicious Activity Summary

hawkeye_reborn m00nd3v_logger collection keylogger spyware stealer trojan

M00nd3v_Logger

HawkEye Reborn

M00nD3v Logger Payload

Reads user/profile data of web browsers

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

Enumerates physical storage devices

outlook_win_path

outlook_office_path

Suspicious use of WriteProcessMemory

Suspicious behavior: SetClipboardViewer

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-02-05 10:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-02-05 10:16

Reported

2022-02-05 10:18

Platform

win7-en-20211208

Max time kernel

152s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

Signatures

HawkEye Reborn

keylogger trojan stealer spyware hawkeye_reborn

M00nd3v_Logger

stealer spyware m00nd3v_logger

M00nD3v Logger Payload


Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A bot.whatismyipaddress.com N/A N/A

Suspicious use of SetThreadContext


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1092 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 1092 wrote to memory of 800 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\SysWOW64\cmd.exe
PID 800 wrote to memory of 1180 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\choice.exe
PID 1092 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
PID 1736 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 1736 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\SysWOW64\cmd.exe
PID 776 wrote to memory of 604 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\choice.exe
PID 1736 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
PID 788 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 788 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\SysWOW64\cmd.exe
PID 1212 wrote to memory of 752 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\choice.exe
PID 788 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
PID 1308 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 bot.whatismyipaddress.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-02-05 10:16

Reported

2022-02-05 10:18

Platform

win10v2004-en-20220113

Max time kernel

11s

Max time network

15s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe

"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 settings-win.data.microsoft.com udp
NL 51.124.78.146:443 settings-win.data.microsoft.com tcp

Files

memory/4548-130-0x0000000000B00000-0x0000000000BCE000-memory.dmp