Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.raw.unpack | Malware Configuration Extractor: NanoCore {"Version": ".0.0.0,", "Mutex": "a7fa722b-7dae-45b1-afa6-302155a5", "Group": "Default", "Domain1": "wespeaktruthtoman.sytes.net", "Domain2": "wespeaktruthtoman12.sytes.net", "Port": 5600, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8"} |
Source: 00000000.00000002.227998353.00000000045E1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.227998353.00000000045E1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: aISbFyk4Lj.exe | Binary or memory string: OriginalFilename vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.231389678.0000000005F80000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000000.215774542.0000000000EC2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamegetClaimsd95.exeF vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.230993463.0000000005880000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.227522713.0000000003698000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.231733663.0000000006710000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.231733663.0000000006710000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.230861005.00000000057F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dllj% vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.231565418.0000000006620000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe, 00000000.00000002.230866914.0000000005800000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs aISbFyk4Lj.exe |
Source: aISbFyk4Lj.exe | Binary or memory string: OriginalFilenamegetClaimsd95.exeF vs aISbFyk4Lj.exe |
Source: 00000000.00000002.227998353.00000000045E1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.227998353.00000000045E1000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.aISbFyk4Lj.exe.484a9b8.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: unknown | Process created: C:\Users\user\Desktop\aISbFyk4Lj.exe 'C:\Users\user\Desktop\aISbFyk4Lj.exe' |
Source: C:\Users\user\Desktop\aISbFyk4Lj.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\QxHKzIlUxTf' /XML 'C:\Users\user\AppData\Local\Temp\tmp8EF.tmp' |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\aISbFyk4Lj.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
Source: C:\Users\user\Desktop\aISbFyk4Lj.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: aISbFyk4Lj.exe, 00000000.00000002.227476170.000000000362D000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |