Source: unknown |
UDP traffic detected without corresponding DNS query: 37.235.1.174 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 37.235.1.177 |
Source: 38.2.RegAsm.exe.1e1f3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 38.2.RegAsm.exe.1f219616.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 38.2.RegAsm.exe.1f219616.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 41.2.RegAsm.exe.1ebfe44c.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 41.2.RegAsm.exe.1dbd3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 38.2.RegAsm.exe.1f21e44c.5.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 41.2.RegAsm.exe.1ebf9616.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 41.2.RegAsm.exe.1ebf9616.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 38.2.RegAsm.exe.1f21e44c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 41.2.RegAsm.exe.1ec02a75.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 38.2.RegAsm.exe.1f222a75.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 41.2.RegAsm.exe.1ebfe44c.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000029.00000002.780177556.000000001EBB1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000026.00000002.767234010.000000001F1D1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000029.00000002.780062745.000000001DBB1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000026.00000002.767134795.000000001E1D1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: RegAsm.exe PID: 5904, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: RegAsm.exe PID: 4736, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 38.2.RegAsm.exe.1e1f3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 38.2.RegAsm.exe.1e1f3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 38.2.RegAsm.exe.1f219616.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 38.2.RegAsm.exe.1f219616.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 38.2.RegAsm.exe.1f219616.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 41.2.RegAsm.exe.1ebfe44c.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 41.2.RegAsm.exe.1ebfe44c.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 41.2.RegAsm.exe.1dbd3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 41.2.RegAsm.exe.1dbd3c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 38.2.RegAsm.exe.1f21e44c.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 38.2.RegAsm.exe.1f21e44c.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 41.2.RegAsm.exe.1ebf9616.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 41.2.RegAsm.exe.1ebf9616.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 41.2.RegAsm.exe.1ebf9616.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 38.2.RegAsm.exe.1f21e44c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 38.2.RegAsm.exe.1f21e44c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 41.2.RegAsm.exe.1ec02a75.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 41.2.RegAsm.exe.1ec02a75.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 38.2.RegAsm.exe.1f222a75.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 38.2.RegAsm.exe.1f222a75.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 41.2.RegAsm.exe.1ebfe44c.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 41.2.RegAsm.exe.1ebfe44c.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000029.00000002.780177556.000000001EBB1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000026.00000002.767234010.000000001F1D1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000029.00000002.780062745.000000001DBB1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000026.00000002.767134795.000000001E1D1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: RegAsm.exe PID: 5904, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: RegAsm.exe PID: 4736, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_004066EE push edx; iretd |
0_2_004066EF |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_00407D67 push es; ret |
0_2_00407D68 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C143DC push ebp; ret |
0_2_03C143EE |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12DDF push ss; retf |
0_2_03C12E11 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C14FDF push es; ret |
0_2_03C14FF2 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12593 push ss; retf |
0_2_03C12595 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C14598 push ss; ret |
0_2_03C14599 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12BB8 push ss; retf |
0_2_03C12BED |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12D17 push ss; ret |
0_2_03C12D1A |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C124E4 push ss; retf |
0_2_03C124E5 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C120EE push edi; ret |
0_2_03C120F2 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C140F3 push esp; ret |
0_2_03C140F6 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C156A2 push FFFFFFE5h; ret |
0_2_03C156AB |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C120AA push edi; ret |
0_2_03C120E6 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C156AD push FFFFFFE5h; ret |
0_2_03C156AB |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12203 pushad ; ret |
0_2_03C12216 |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C13C0B push esi; ret |
0_2_03C13C0E |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Code function: 0_2_03C12E12 push ss; retf |
0_2_03C12E11 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A912CB push ss; retf |
27_2_02A912D5 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A93C2C pushfd ; iretd |
27_2_02A93C9E |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A96220 push ds; ret |
27_2_02A96303 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A93604 push ss; retf |
27_2_02A93609 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A93C1F pushfd ; iretd |
27_2_02A93C9E |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A94612 push ss; ret |
27_2_02A94619 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A9625A push ds; ret |
27_2_02A96303 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A9665E push FFFFFF8Dh; ret |
27_2_02A96697 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A94653 pushad ; ret |
27_2_02A94658 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A93FB2 pushad ; retf |
27_2_02A93FB9 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A95DB5 push cs; iretd |
27_2_02A95E62 |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A90FB7 push eax; ret |
27_2_02A90FCB |
Source: C:\Users\user\subfolder1\filename1.exe |
Code function: 27_2_02A92BDD push ss; retf |
27_2_02A92BED |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\subfolder1\filename1.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
RDTSC instruction interceptor: First address: 0000000003C16090 second address: 0000000003C16090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9036EA76h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9036EA2Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9036E974h 0x00000084 jmp 00007FFA9036EA82h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9036EA94h 0x0000009c call 00007FFA9036EAA8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
RDTSC instruction interceptor: First address: 0000000003C163DB second address: 0000000003C163DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA9039E6F8h 0x0000002e popad 0x0000002f call 00007FFA9039B303h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\7keerHhHvn.exe |
RDTSC instruction interceptor: First address: 0000000003C111D1 second address: 0000000003C1734D instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FFA90374B8Eh 0x0000000f pushad 0x00000010 lfence 0x00000013 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001126090 second address: 0000000001126090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9039B2C6h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9039B27Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9039B1C4h 0x00000084 jmp 00007FFA9039B2D2h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9039B2E4h 0x0000009c call 00007FFA9039B2F8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 00000000011263DB second address: 00000000011263DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA90371EA8h 0x0000002e popad 0x0000002f call 00007FFA9036EAB3h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001121FB1 second address: 0000000001121FB1 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001123F9B second address: 0000000001123F9B instructions: |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002A96090 second address: 0000000002A96090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9039B2C6h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9039B27Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9039B1C4h 0x00000084 jmp 00007FFA9039B2D2h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9039B2E4h 0x0000009c call 00007FFA9039B2F8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002AE6090 second address: 0000000002AE6090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9036EA76h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9036EA2Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9036E974h 0x00000084 jmp 00007FFA9036EA82h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9036EA94h 0x0000009c call 00007FFA9036EAA8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002A963DB second address: 0000000002A963DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA9039E6F8h 0x0000002e popad 0x0000002f call 00007FFA9039B303h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002A911D1 second address: 0000000002A9734D instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FFA90374B8Eh 0x0000000f pushad 0x00000010 lfence 0x00000013 rdtsc |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002AE63DB second address: 0000000002AE63DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA9039E6F8h 0x0000002e popad 0x0000002f call 00007FFA9039B303h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Users\user\subfolder1\filename1.exe |
RDTSC instruction interceptor: First address: 0000000002AE11D1 second address: 0000000002AE734D instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FFA90374B8Eh 0x0000000f pushad 0x00000010 lfence 0x00000013 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001306090 second address: 0000000001306090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9039B2C6h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9039B27Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9039B1C4h 0x00000084 jmp 00007FFA9039B2D2h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9039B2E4h 0x0000009c call 00007FFA9039B2F8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000D06090 second address: 0000000000D06090 instructions: 0x00000000 rdtsc 0x00000002 mov eax, D06691AFh 0x00000007 xor eax, 51795B17h 0x0000000c sub eax, E89895FEh 0x00000011 sub eax, 988734B9h 0x00000016 cpuid 0x00000018 jmp 00007FFA9036EA76h 0x0000001a test bx, 62F2h 0x0000001f popad 0x00000020 call 00007FFA9036EA2Ch 0x00000025 lfence 0x00000028 mov edx, 3126F457h 0x0000002d xor edx, A11635D2h 0x00000033 xor edx, 122A2AF9h 0x00000039 xor edx, FDE4EB68h 0x0000003f mov edx, dword ptr [edx] 0x00000041 lfence 0x00000044 ret 0x00000045 cmp dh, ch 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test ah, dh 0x0000004c pop ecx 0x0000004d add edi, edx 0x0000004f dec ecx 0x00000050 mov dword ptr [ebp+0000017Ch], 339F83C1h 0x0000005a sub dword ptr [ebp+0000017Ch], 00B60B54h 0x00000064 sub dword ptr [ebp+0000017Ch], 2594365Ah 0x0000006e add dword ptr [ebp+0000017Ch], F2AABDEDh 0x00000078 cmp ecx, dword ptr [ebp+0000017Ch] 0x0000007e jne 00007FFA9036E974h 0x00000084 jmp 00007FFA9036EA82h 0x00000086 test ch, dh 0x00000088 mov dword ptr [ebp+00000274h], edi 0x0000008e mov edi, ecx 0x00000090 push edi 0x00000091 mov edi, dword ptr [ebp+00000274h] 0x00000097 call 00007FFA9036EA94h 0x0000009c call 00007FFA9036EAA8h 0x000000a1 lfence 0x000000a4 mov edx, 3126F457h 0x000000a9 xor edx, A11635D2h 0x000000af xor edx, 122A2AF9h 0x000000b5 xor edx, FDE4EB68h 0x000000bb mov edx, dword ptr [edx] 0x000000bd lfence 0x000000c0 ret 0x000000c1 mov esi, edx 0x000000c3 pushad 0x000000c4 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 00000000013063DB second address: 00000000013063DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA9039E6F8h 0x0000002e popad 0x0000002f call 00007FFA9039B303h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000D063DB second address: 0000000000D063DB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 179B936Ch 0x00000013 xor eax, 12709E28h 0x00000018 add eax, 314D5628h 0x0000001d sub eax, 3738636Bh 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007FFA90371EA8h 0x0000002e popad 0x0000002f call 00007FFA9036EAB3h 0x00000034 lfence 0x00000037 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000001303F9B second address: 0000000001303F9B instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000D03F9B second address: 0000000000D03F9B instructions: |