Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.2.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.digicert.com0: |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.entrust.net03 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.entrust.net0D |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.msocsp.com0 |
Source: taskeng.exe, 0000000D.00000002.2342784593.0000000001B60000.00000002.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. |
Source: taskeng.exe, 0000000D.00000002.2342784593.0000000001B60000.00000002.00000001.sdmp | String found in binary or memory: http://www.%s.comPA |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: https://cbavwq.bl.files.1drv.com/DQ |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: https://cbavwq.bl.files.1drv.com/O |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp, RegAsm.exe, 00000005.00000002.2354281853.0000000000A86000.00000004.00000020.sdmp | String found in binary or memory: https://cbavwq.bl.files.1drv.com/y4m3v2kEpIV8FbxWjD8IYOSGc9eY7yGumgM5fcT1ikVolWrnqtFykMCYtt6EVe-wNwa |
Source: RegAsm.exe, 00000005.00000002.2351405264.0000000000A4C000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/ |
Source: RegAsm.exe, RegAsm.exe, 00000005.00000002.2342821040.0000000000562000.00000040.00000001.sdmp, RegAsm.exe, 00000005.00000002.2351405264.0000000000A4C000.00000004.00000020.sdmp | String found in binary or memory: https://onedrive.live.com/download?cid=F57CEB019EB26E7D&resid=F57CEB019EB26E7D%21106&authkey=AHaSu1X |
Source: RegAsm.exe, 00000005.00000002.2354794151.0000000000A98000.00000004.00000020.sdmp | String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: 3pNzHgj[1].htm.2.dr | String found in binary or memory: https://u.teknik.io/TFppy.txt |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00566599 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C438C8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C498F0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C48C98 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C49C03 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C42418 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C4B5C0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C430E7 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C43020 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00C499B7 |
Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exe | Code function: 14_2_005501B7 |
Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exe | Code function: 17_2_002101B7 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409851 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_0040987E |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409828 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004098D6 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_0040990A |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409932 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004099DD |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_0040998E |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004099B7 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409A62 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409A09 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409AC1 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409AF2 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409A94 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409B48 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_0040976B |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409B1E |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409739 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409BC3 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004097CB |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004093F4 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_004097FA |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00409798 |
Source: C:\Users\user\subfolder1\filename1.exe | Code function: 19_2_00405934 |
Source: 00000005.00000002.2342294404.0000000000080000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.2342294404.0000000000080000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000005.00000002.2342304047.0000000000090000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.2342304047.0000000000090000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Process Memory Space: RegAsm.exe PID: 2428, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.RegAsm.exe.80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.RegAsm.exe.80000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.RegAsm.exe.90000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.RegAsm.exe.90000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.RegAsm.exe.94629.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.RegAsm.exe.94629.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.RegAsm.exe.90000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.RegAsm.exe.90000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\Public\69577.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\schtasks.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\taskeng.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\subfolder1\filename1.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_005674F1 CreateThread, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_005643E9 InternetOpenA,InternetOpenUrlA, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_0056704C CreateThread, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562C4B |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00567063 CreateThread, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562C69 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00563019 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_0056302B |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562CE3 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_005630EF |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562C97 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00563092 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00567086 CreateThread, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562C81 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_005630B5 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562CB5 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562D73 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562D02 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00563125 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562D2D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562DC5 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562DEE |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562D8D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562DAA |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562E4C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562E6D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562E1D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562EC4 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562EB2 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562F71 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562F0D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562FD2 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562FC1 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00566FCB NtProtectVirtualMemory,CreateThread, |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562BF5 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Code function: 5_2_00562F85 |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000327097 second address: 0000000000327097 instructions: |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 00000000003239D5 second address: 00000000003239D5 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F085CED7288h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d jmp 00007F085CED7292h 0x0000001f test bx, FB3Ch 0x00000024 cmp bh, bh 0x00000026 pop ecx 0x00000027 add edi, edx 0x00000029 dec ecx 0x0000002a cmp ecx, 00000000h 0x0000002d jne 00007F085CED7224h 0x0000002f jmp 00007F085CED7292h 0x00000031 push ss 0x00000032 pop ss 0x00000033 jmp 00007F085CED728Dh 0x00000035 push ecx 0x00000036 jmp 00007F085CED7292h 0x00000038 test dx, dx 0x0000003b call 00007F085CED72DFh 0x00000040 call 00007F085CED7298h 0x00000045 lfence 0x00000048 mov edx, dword ptr [7FFE0014h] 0x0000004e lfence 0x00000051 ret 0x00000052 mov esi, edx 0x00000054 pushad 0x00000055 rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000323C6A second address: 0000000000323C6A instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F085CF50412h 0x0000001d popad 0x0000001e call 00007F085CF4DEDDh 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000326A3C second address: 0000000000326B00 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+18h] 0x0000000f jmp 00007F085CED7292h 0x00000011 cmp bl, FFFFFFE7h 0x00000014 mov byte ptr [eax], FFFFFF90h 0x00000017 jmp 00007F085CED7292h 0x00000019 cmp ax, dx 0x0000001c mov eax, dword ptr [esp+1Ch] 0x00000020 mov byte ptr [eax], 0000006Ah 0x00000023 jmp 00007F085CED7292h 0x00000025 jmp 00007F085CED729Eh 0x00000027 mov byte ptr [eax+01h], 00000000h 0x0000002b mov byte ptr [eax+02h], FFFFFFB8h 0x0000002f jmp 00007F085CED7292h 0x00000031 test ax, cx 0x00000034 mov edx, dword ptr [ebp+0000013Ch] 0x0000003a mov dword ptr [eax+03h], edx 0x0000003d jmp 00007F085CED7292h 0x0000003f cmp dx, cx 0x00000042 jmp 00007F085CED7292h 0x00000044 pushad 0x00000045 lfence 0x00000048 rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000326B00 second address: 0000000000326BBF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov byte ptr [eax+07h], FFFFFFFFh 0x0000000f jmp 00007F085CF4DEA2h 0x00000011 cmp bl, 00000038h 0x00000014 mov byte ptr [eax+08h], FFFFFFD0h 0x00000018 jmp 00007F085CF4DEA2h 0x0000001a cmp ax, dx 0x0000001d mov byte ptr [eax+09h], FFFFFFC2h 0x00000021 mov byte ptr [eax+0Ah], 00000004h 0x00000025 mov byte ptr [eax+0Bh], 00000000h 0x00000029 jmp 00007F085CF4DEA2h 0x0000002b jmp 00007F085CF4DEAEh 0x0000002d jmp 00007F085CF4DEA2h 0x0000002f test ax, cx 0x00000032 mov eax, ebx 0x00000034 jmp 00007F085CF4DEA2h 0x00000036 cmp dx, cx 0x00000039 add eax, dword ptr [esp+08h] 0x0000003d jmp 00007F085CF4DEA2h 0x0000003f pushad 0x00000040 lfence 0x00000043 rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000326BBF second address: 0000000000326BBF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b inc ebx 0x0000000c cmp ebx, eax 0x0000000e je 00007F085CED74A5h 0x00000014 jmp 00007F085CED7292h 0x00000016 cmp bl, 00000041h 0x00000019 cmp byte ptr [ebx], FFFFFFB8h 0x0000001c jne 00007F085CED723Eh 0x0000001e jmp 00007F085CED7292h 0x00000020 pushad 0x00000021 lfence 0x00000024 rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 000000000032767F second address: 00000000003276BA instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov eax, dword ptr [edi+00005000h] 0x00000011 cmp dword ptr [eax+04h], 00000000h 0x00000015 jne 00007F085CF4DFE6h 0x0000001b cmp dword ptr [eax+08h], 00000000h 0x0000001f jne 00007F085CF4DFDCh 0x00000025 jmp 00007F085CF4DEA2h 0x00000027 pushad 0x00000028 lfence 0x0000002b rdtsc |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000320F13 second address: 0000000000320F13 instructions: |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 0000000000322D13 second address: 0000000000322D13 instructions: |
Source: C:\Users\Public\69577.exe | RDTSC instruction interceptor: First address: 00000000003232EE second address: 00000000003232EE instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000563C6A second address: 0000000000563C6A instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F085CF50412h 0x0000001d popad 0x0000001e call 00007F085CF4DEDDh 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000566A3C second address: 0000000000566B00 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+18h] 0x0000000f jmp 00007F085CED7292h 0x00000011 cmp bl, FFFFFFE7h 0x00000014 mov byte ptr [eax], FFFFFF90h 0x00000017 jmp 00007F085CED7292h 0x00000019 cmp ax, dx 0x0000001c mov eax, dword ptr [esp+1Ch] 0x00000020 mov byte ptr [eax], 0000006Ah 0x00000023 jmp 00007F085CED7292h 0x00000025 jmp 00007F085CED729Eh 0x00000027 mov byte ptr [eax+01h], 00000000h 0x0000002b mov byte ptr [eax+02h], FFFFFFB8h 0x0000002f jmp 00007F085CED7292h 0x00000031 test ax, cx 0x00000034 mov edx, dword ptr [ebp+0000013Ch] 0x0000003a mov dword ptr [eax+03h], edx 0x0000003d jmp 00007F085CED7292h 0x0000003f cmp dx, cx 0x00000042 jmp 00007F085CED7292h 0x00000044 pushad 0x00000045 lfence 0x00000048 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000566B00 second address: 0000000000566BBF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov byte ptr [eax+07h], FFFFFFFFh 0x0000000f jmp 00007F085CF4DEA2h 0x00000011 cmp bl, 00000038h 0x00000014 mov byte ptr [eax+08h], FFFFFFD0h 0x00000018 jmp 00007F085CF4DEA2h 0x0000001a cmp ax, dx 0x0000001d mov byte ptr [eax+09h], FFFFFFC2h 0x00000021 mov byte ptr [eax+0Ah], 00000004h 0x00000025 mov byte ptr [eax+0Bh], 00000000h 0x00000029 jmp 00007F085CF4DEA2h 0x0000002b jmp 00007F085CF4DEAEh 0x0000002d jmp 00007F085CF4DEA2h 0x0000002f test ax, cx 0x00000032 mov eax, ebx 0x00000034 jmp 00007F085CF4DEA2h 0x00000036 cmp dx, cx 0x00000039 add eax, dword ptr [esp+08h] 0x0000003d jmp 00007F085CF4DEA2h 0x0000003f pushad 0x00000040 lfence 0x00000043 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000566BBF second address: 0000000000566BBF instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b inc ebx 0x0000000c cmp ebx, eax 0x0000000e je 00007F085CED74A5h 0x00000014 jmp 00007F085CED7292h 0x00000016 cmp bl, 00000041h 0x00000019 cmp byte ptr [ebx], FFFFFFB8h 0x0000001c jne 00007F085CED723Eh 0x0000001e jmp 00007F085CED7292h 0x00000020 pushad 0x00000021 lfence 0x00000024 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 000000000056767F second address: 00000000005676BA instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov eax, dword ptr [edi+00005000h] 0x00000011 cmp dword ptr [eax+04h], 00000000h 0x00000015 jne 00007F085CF4DFE6h 0x0000001b cmp dword ptr [eax+08h], 00000000h 0x0000001f jne 00007F085CF4DFDCh 0x00000025 jmp 00007F085CF4DEA2h 0x00000027 pushad 0x00000028 lfence 0x0000002b rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000560FE0 second address: 0000000000560FE0 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000561093 second address: 0000000000561093 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000561166 second address: 0000000000561166 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000561216 second address: 0000000000561216 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000564496 second address: 0000000000564496 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 00000000005645F2 second address: 00000000005645F2 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 000000000056220E second address: 000000000056220E instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000562398 second address: 000000000056243D instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a jmp 00007F085CF4DEA2h 0x0000000c cmp ax, 00002355h 0x00000010 call 00007F085CF4E4FBh 0x00000015 cmp dword ptr [edi+00000818h], 00000000h 0x0000001c je 00007F085CF4DF75h 0x00000022 ret 0x00000023 test edx, ecx 0x00000025 mov eax, dword ptr fs:[00000030h] 0x0000002b mov eax, dword ptr [eax+0Ch] 0x0000002e mov eax, dword ptr [eax+0Ch] 0x00000031 jmp 00007F085CF4DEA2h 0x00000033 test dx, dx 0x00000036 mov ecx, dword ptr [edi+00000808h] 0x0000003c jmp 00007F085CF4DE97h 0x0000003e mov dword ptr [eax+20h], ecx 0x00000041 jmp 00007F085CF4DEA2h 0x00000043 cmp ah, ch 0x00000045 mov esi, dword ptr [edi+00000800h] 0x0000004b jmp 00007F085CF4DEA2h 0x0000004d fnop 0x0000004f mov dword ptr [eax+18h], esi 0x00000052 add esi, dword ptr [edi+00000850h] 0x00000058 mov dword ptr [eax+1Ch], esi 0x0000005b jmp 00007F085CF4DEA2h 0x0000005d pushad 0x0000005e rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 000000000056243D second address: 00000000005624DF instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a jmp 00007F085CED7292h 0x0000000c cmp ax, 0000D992h 0x00000010 test edx, ecx 0x00000012 cmp dword ptr [ebp+70h], 01h 0x00000016 je 00007F085CED73FCh 0x0000001c mov esi, edi 0x0000001e add esi, 00001000h 0x00000024 xor ecx, ecx 0x00000026 push ecx 0x00000027 jmp 00007F085CED7292h 0x00000029 test dx, dx 0x0000002c push edi 0x0000002d mov eax, ebp 0x0000002f add eax, 0000009Ch 0x00000034 push eax 0x00000035 call 00007F085CED7915h 0x0000003a jmp 00007F085CED7292h 0x0000003c jmp 00007F085CED729Ah 0x0000003e test ch, ch 0x00000040 cmp dword ptr [esi+24h], E0000020h 0x00000047 je 00007F085CED7354h 0x0000004d cmp dword ptr [esi+24h], 60000020h 0x00000054 je 00007F085CED73C3h 0x0000005a mov ebx, 00000020h 0x0000005f jmp 00007F085CED7296h 0x00000061 ret 0x00000062 push ebx 0x00000063 jmp 00007F085CED7292h 0x00000065 cmp ah, ch 0x00000067 mov eax, esi 0x00000069 jmp 00007F085CED7292h 0x0000006b fnop 0x0000006d add eax, 08h 0x00000070 push eax 0x00000071 mov eax, dword ptr [edi+00000800h] 0x00000077 jmp 00007F085CED7292h 0x00000079 pushad 0x0000007a rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 00000000005624DF second address: 00000000005624DF instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | RDTSC instruction interceptor: First address: 0000000000562599 second address: 0000000000562599 instructions: |