Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.202 |
Source: Process Memory Space: RegAsm.exe PID: 6556, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.RegAsm.exe.1dd712f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.RegAsm.exe.1dd712f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 15.2.RegAsm.exe.1edc7a58.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.RegAsm.exe.1edc7a58.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 15.2.RegAsm.exe.1edc7a58.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.RegAsm.exe.1edc7a58.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 15.2.RegAsm.exe.1edcc081.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.RegAsm.exe.1edcc081.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01007101 push cs; ret 15_2_01007104 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006105 push cs; ret 15_2_01006108 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01004109 push cs; ret 15_2_0100410C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01003109 push cs; ret 15_2_0100310C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01007111 push cs; ret 15_2_01007114 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01007125 push cs; ret 15_2_01007128 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_0100612D push cs; ret 15_2_01006130 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01004135 push cs; ret 15_2_01004138 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_0100713D push cs; ret 15_2_01007140 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006141 push cs; ret 15_2_01006144 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_0100614F push cs; ret 15_2_01006150 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006159 push cs; ret 15_2_0100615C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01007171 push cs; ret 15_2_01007174 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006175 push cs; ret 15_2_01006178 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01003179 push cs; ret 15_2_0100317C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006185 push cs; ret 15_2_01006188 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_0100718D push cs; ret 15_2_01007190 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006199 push cs; ret 15_2_0100619C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010061A9 push cs; ret 15_2_010061AC |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010031B5 push cs; ret 15_2_010031B8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010061B5 push cs; ret 15_2_010061B8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010071B5 push cs; ret 15_2_010071B8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010071D1 push cs; ret 15_2_010071D4 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010061D5 push cs; ret 15_2_010061D8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010031E5 push cs; ret 15_2_010031E8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010041ED push cs; ret 15_2_010041F0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010041F1 push FFFFFF84h; ret 15_2_010041F7 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010071F5 push cs; ret 15_2_010071F8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010041FD push cs; ret 15_2_01004200 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_010061FF push cs; ret 15_2_01006200 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Code function: 15_2_01006001 push cs; ret 15_2_01006004 |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\schtasks.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\subfolder1\filename1.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000626160 second address: 0000000000625B62 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a jmp 00007FCC9C394612h 0x0000000c fnop 0x0000000e jmp 00007FCC9C394612h 0x00000010 test dl, FFFFFF9Ch 0x00000013 jmp 00007FCC9C394612h 0x00000015 test bl, bl 0x00000017 jmp 00007FCC9C394612h 0x00000019 pushad 0x0000001a mov bl, ACh 0x0000001c cmp bl, FFFFFFACh 0x0000001f jne 00007FCC9C391E83h 0x00000025 popad 0x00000026 mov eax, 00000539h 0x0000002b jmp 00007FCC9C394612h 0x0000002d cmp bx, F525h 0x00000032 mov ecx, dword ptr [ebp+1Ch] 0x00000035 mov edx, 8802EDACh 0x0000003a call 00007FCC9C393F5Fh 0x0000003f push esi 0x00000040 push edx 0x00000041 push ecx 0x00000042 jmp 00007FCC9C394612h 0x00000044 pushad 0x00000045 lfence 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000623B7D second address: 0000000000623C11 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor edi, edi 0x0000000c test bx, ax 0x0000000f mov ecx, 00A95F60h 0x00000014 push ecx 0x00000015 jmp 00007FCC9CA33912h 0x00000017 pushad 0x00000018 mov al, 1Eh 0x0000001a cmp al, 1Eh 0x0000001c jne 00007FCC9CA33799h 0x00000022 popad 0x00000023 call 00007FCC9CA33959h 0x00000028 call 00007FCC9CA33918h 0x0000002d lfence 0x00000030 mov edx, dword ptr [7FFE0014h] 0x00000036 lfence 0x00000039 ret 0x0000003a mov esi, edx 0x0000003c pushad 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000623C11 second address: 0000000000623C11 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FCC9C394608h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e jmp 00007FCC9C394612h 0x00000020 test dx, cx 0x00000023 add edi, edx 0x00000025 jmp 00007FCC9C394612h 0x00000027 test bh, ah 0x00000029 dec ecx 0x0000002a cmp eax, ecx 0x0000002c cmp ecx, 00000000h 0x0000002f jne 00007FCC9C3945AAh 0x00000031 push ecx 0x00000032 jmp 00007FCC9C394612h 0x00000034 pushad 0x00000035 mov al, 1Eh 0x00000037 cmp al, 1Eh 0x00000039 jne 00007FCC9C394499h 0x0000003f popad 0x00000040 call 00007FCC9C394659h 0x00000045 call 00007FCC9C394618h 0x0000004a lfence 0x0000004d mov edx, dword ptr [7FFE0014h] 0x00000053 lfence 0x00000056 ret 0x00000057 mov esi, edx 0x00000059 pushad 0x0000005a rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000623EAA second address: 0000000000623EAA instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FCC9CA35FE6h 0x0000001d popad 0x0000001e call 00007FCC9CA33971h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000624994 second address: 0000000000625B62 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a mov ecx, dword ptr [ebp+1Ch] 0x0000000d jmp 00007FCC9C394612h 0x0000000f test ecx, 0CA7638Eh 0x00000015 mov edx, 8B8E133Dh 0x0000001a test ebx, eax 0x0000001c call 00007FCC9C395789h 0x00000021 push esi 0x00000022 push edx 0x00000023 push ecx 0x00000024 jmp 00007FCC9C394612h 0x00000026 pushad 0x00000027 lfence 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000624C68 second address: 0000000000625B62 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FCC9CA347D7h 0x0000000f push esi 0x00000010 push edx 0x00000011 push ecx 0x00000012 jmp 00007FCC9CA33912h 0x00000014 pushad 0x00000015 lfence 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\V33QokMrIv.exe |
RDTSC instruction interceptor: First address: 0000000000625860 second address: 00000000006259B9 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007FCC9C394612h 0x0000000e test edx, eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push dword ptr [ebp+00000110h] 0x00000018 call 00007FCC9C394713h 0x0000001d mov ecx, dword ptr [esp+0Ch] 0x00000021 mov edx, dword ptr [esp+08h] 0x00000025 jmp 00007FCC9C394612h 0x00000027 pushad 0x00000028 lfence 0x0000002b rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001003EAA second address: 0000000001003EAA instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FCC9CA35FE6h 0x0000001d popad 0x0000001e call 00007FCC9CA33971h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001001FFF second address: 00000000010059B9 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov dword ptr [edi+00000818h], eax 0x00000011 jmp 00007FCC9C394612h 0x00000013 test bh, dh 0x00000015 mov ebx, dword ptr [edi+3Ch] 0x00000018 add ebx, 000000F8h 0x0000001e mov dword ptr [edi+00000810h], ebx 0x00000024 mov esi, edi 0x00000026 jmp 00007FCC9C394612h 0x00000028 cmp cx, AB77h 0x0000002d add esi, 00001000h 0x00000033 xor edx, edx 0x00000035 push edx 0x00000036 push ebx 0x00000037 push 00000028h 0x00000039 jmp 00007FCC9C394612h 0x0000003b cmp bl, al 0x0000003d mov eax, dword ptr [ebp+20h] 0x00000040 add eax, ebx 0x00000042 push eax 0x00000043 test ax, cx 0x00000046 push esi 0x00000047 call 00007FCC9C397F25h 0x0000004c mov ecx, dword ptr [esp+0Ch] 0x00000050 mov edx, dword ptr [esp+08h] 0x00000054 jmp 00007FCC9C394612h 0x00000056 pushad 0x00000057 lfence 0x0000005a rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 00000000010022AC second address: 00000000010059B9 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 mov dword ptr [ebp+10h], 00000000h 0x0000000a mov dword ptr [ebp+14h], 00000000h 0x00000011 cmp dword ptr [edi+00000814h], 00000000h 0x00000018 je 00007FCC9CA33B5Eh 0x0000001e jmp 00007FCC9CA33912h 0x00000020 cmp bl, al 0x00000022 test ax, cx 0x00000025 jmp 00007FCC9CA33912h 0x00000027 pushad 0x00000028 mov bx, 1417h 0x0000002c cmp bx, 1417h 0x00000031 jne 00007FCC9CA31BADh 0x00000037 popad 0x00000038 test dh, ch 0x0000003a push ecx 0x0000003b cmp edx, edx 0x0000003d mov esi, dword ptr [edi+00000814h] 0x00000043 mov eax, dword ptr [edi+00000800h] 0x00000049 add eax, esi 0x0000004b add eax, ecx 0x0000004d push 00000014h 0x0000004f push eax 0x00000050 mov ebx, edi 0x00000052 add ebx, 00000C00h 0x00000058 push ebx 0x00000059 call 00007FCC9CA36F76h 0x0000005e mov ecx, dword ptr [esp+0Ch] 0x00000062 mov edx, dword ptr [esp+08h] 0x00000066 jmp 00007FCC9CA33912h 0x00000068 pushad 0x00000069 lfence 0x0000006c rdtsc |