Analysis Overview
SHA256
c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f
Threat Level: Known bad
The file c6efd65819b33ebdc2868538da69b157df8b6ab572d06d10e8a6e6d69f6c707f was found to be: Known bad.
Malicious Activity Summary
M00nd3v_Logger
HawkEye Reborn
M00nD3v Logger Payload
Reads user/profile data of web browsers
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
Enumerates physical storage devices
outlook_win_path
outlook_office_path
Suspicious use of WriteProcessMemory
Suspicious behavior: SetClipboardViewer
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-02-05 10:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-05 10:16
Reported
2022-02-05 10:18
Platform
win7-en-20211208
Max time kernel
152s
Max time network
137s
Command Line
Signatures
HawkEye Reborn
M00nd3v_Logger
M00nD3v Logger Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | bot.whatismyipaddress.com | N/A | N/A |
| N/A | bot.whatismyipaddress.com | N/A | N/A |
| N/A | bot.whatismyipaddress.com | N/A | N/A |
| N/A | bot.whatismyipaddress.com | N/A | N/A |
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: SetClipboardViewer
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bot.whatismyipaddress.com | udp |
| US | 8.8.8.8:53 | bot.whatismyipaddress.com | udp |
| US | 8.8.8.8:53 | bot.whatismyipaddress.com | udp |
| US | 8.8.8.8:53 | bot.whatismyipaddress.com | udp |
Files
memory/1092-55-0x0000000000D50000-0x0000000000E1E000-memory.dmp
memory/1092-56-0x00000000009D0000-0x0000000000A68000-memory.dmp
memory/1092-57-0x0000000075831000-0x0000000075833000-memory.dmp
memory/1092-58-0x0000000000450000-0x00000000004C0000-memory.dmp
memory/1328-60-0x0000000000400000-0x0000000000490000-memory.dmp
memory/1328-61-0x0000000000390000-0x0000000000396000-memory.dmp
memory/1328-63-0x0000000004C10000-0x0000000004C11000-memory.dmp
memory/1736-65-0x0000000000330000-0x0000000000333000-memory.dmp
memory/976-67-0x0000000000C60000-0x0000000000C61000-memory.dmp
memory/1848-71-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
memory/788-70-0x0000000000210000-0x0000000000260000-memory.dmp
memory/1356-74-0x0000000002660000-0x0000000004780000-memory.dmp
memory/1360-76-0x00000000001D0000-0x0000000000200000-memory.dmp
memory/868-78-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
memory/1712-81-0x0000000000390000-0x00000000003C0000-memory.dmp
memory/556-82-0x00000000006A0000-0x00000000006A1000-memory.dmp
memory/1504-84-0x0000000000440000-0x0000000000491000-memory.dmp
memory/1840-85-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
memory/112-90-0x00000000048F0000-0x00000000048F1000-memory.dmp
memory/1656-89-0x00000000001D0000-0x00000000002C1000-memory.dmp
memory/800-93-0x0000000000330000-0x0000000000380000-memory.dmp
memory/1824-94-0x00000000003A0000-0x00000000003E0000-memory.dmp
memory/1352-97-0x0000000000840000-0x0000000000841000-memory.dmp
memory/2104-99-0x00000000001C0000-0x0000000000211000-memory.dmp
memory/2216-101-0x0000000004A90000-0x0000000004A91000-memory.dmp
memory/2444-105-0x0000000004CB0000-0x0000000004CB1000-memory.dmp
memory/2308-104-0x00000000002C0000-0x0000000000351000-memory.dmp
memory/2620-108-0x0000000004A70000-0x0000000004A71000-memory.dmp
memory/976-110-0x0000000000C65000-0x0000000000C76000-memory.dmp
memory/1356-112-0x0000000002660000-0x0000000004780000-memory.dmp
memory/2816-114-0x0000000004D30000-0x0000000004D31000-memory.dmp
memory/1848-113-0x0000000004CD5000-0x0000000004CE6000-memory.dmp
memory/2908-117-0x0000000000310000-0x00000000003F0000-memory.dmp
memory/868-116-0x0000000004AC5000-0x0000000004AD6000-memory.dmp
memory/556-120-0x00000000006A5000-0x00000000006B6000-memory.dmp
memory/2984-119-0x0000000004E70000-0x0000000004E71000-memory.dmp
memory/1648-123-0x00000000002B0000-0x0000000000300000-memory.dmp
memory/1520-124-0x00000000028D0000-0x00000000028D1000-memory.dmp
memory/2700-127-0x0000000004B10000-0x0000000004B11000-memory.dmp
memory/1840-126-0x0000000004AC5000-0x0000000004AD6000-memory.dmp
memory/112-129-0x00000000048F5000-0x0000000004906000-memory.dmp
memory/2692-130-0x0000000000430000-0x0000000000480000-memory.dmp
memory/2684-133-0x0000000004C20000-0x0000000004C21000-memory.dmp
memory/1824-134-0x00000000003A0000-0x00000000003E0000-memory.dmp
memory/2852-137-0x0000000000390000-0x00000000003C0000-memory.dmp
memory/2280-138-0x0000000000850000-0x0000000000851000-memory.dmp
memory/1352-139-0x0000000000845000-0x0000000000856000-memory.dmp
memory/2876-142-0x0000000004C60000-0x0000000004C61000-memory.dmp
memory/2856-144-0x00000000002B0000-0x0000000000300000-memory.dmp
memory/2904-146-0x0000000000930000-0x0000000000931000-memory.dmp
memory/2444-147-0x0000000004CB5000-0x0000000004CC6000-memory.dmp
memory/3104-150-0x0000000004850000-0x0000000004851000-memory.dmp
memory/2620-151-0x0000000004A75000-0x0000000004A86000-memory.dmp
memory/3280-155-0x0000000004B30000-0x0000000004B31000-memory.dmp
memory/3192-154-0x0000000000210000-0x0000000000240000-memory.dmp
memory/2816-157-0x0000000004D35000-0x0000000004D46000-memory.dmp
memory/3456-159-0x0000000000490000-0x00000000005E0000-memory.dmp
memory/3640-162-0x0000000004900000-0x0000000004901000-memory.dmp
memory/1520-165-0x00000000028D5000-0x00000000028E6000-memory.dmp
memory/2700-167-0x0000000004B15000-0x0000000004B26000-memory.dmp
memory/3828-169-0x0000000004A70000-0x0000000004A71000-memory.dmp
memory/4060-171-0x00000000003D0000-0x0000000000400000-memory.dmp
memory/2280-172-0x0000000000855000-0x0000000000866000-memory.dmp
memory/2968-174-0x0000000002260000-0x00000000024C0000-memory.dmp
memory/3124-177-0x0000000002590000-0x00000000046E0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-02-05 10:16
Reported
2022-02-05 10:18
Platform
win10v2004-en-20220113
Max time kernel
11s
Max time network
15s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe
"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | settings-win.data.microsoft.com | udp |
| NL | 51.124.78.146:443 | settings-win.data.microsoft.com | tcp |
Files
memory/4548-130-0x0000000000B00000-0x0000000000BCE000-memory.dmp