Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F6A3BFh |
3_2_00F6A100 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F6969Fh |
3_2_00F693E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F68848h |
3_2_00F68430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F69AFFh |
3_2_00F69841 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F69F5Fh |
3_2_00F69CA1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F678A9h |
3_2_00F66DDF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F6923Fh |
3_2_00F68E97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F68109h |
3_2_00F67E49 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_00F66300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F68848h |
3_2_00F68429 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 00F68848h |
3_2_00F68776 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_00F66933 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_00F66B14 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06146CE1h |
3_2_06146A38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06143D19h |
3_2_06143A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06147139h |
3_2_06146E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06144171h |
3_2_06143EC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06147591h |
3_2_061472E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061445C9h |
3_2_06144320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061479E9h |
3_2_06147740 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06144A21h |
3_2_06144778 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06147E41h |
3_2_06147B98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06144E79h |
3_2_06144BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06148299h |
3_2_06147FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061452D1h |
3_2_06145028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 0614F2D1h |
3_2_0614F028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 0614EAF9h |
3_2_0614E850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061486F1h |
3_2_06148448 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06145729h |
3_2_06145480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 0614F729h |
3_2_0614F480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06148B49h |
3_2_061488A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06145B81h |
3_2_061458D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 0614FB81h |
3_2_0614F8D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06148FA1h |
3_2_06148CF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06145FD9h |
3_2_06145D30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061493F9h |
3_2_06149150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06146431h |
3_2_06146188 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06146889h |
3_2_061465E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_0614CA5F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_0614CA70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_0614CD86 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061626F9h |
3_2_06162450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06160741h |
3_2_06160498 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061602E9h |
3_2_06160040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06162FA9h |
3_2_06162D00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06162B51h |
3_2_061628A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06160B99h |
3_2_061608F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061619F2h |
3_2_06161748 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06163859h |
3_2_061635B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06163401h |
3_2_06163158 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 061622A1h |
3_2_06161FF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then jmp 06161E49h |
3_2_06161BA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 4x nop then lea esp, dword ptr [ebp-04h] |
3_2_06169F14 |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000003.00000002.3220109247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.3220109247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.2170359604.000001676696F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2170359604.000001676696F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: project plan.exe PID: 1536, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: project plan.exe PID: 1536, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: RegAsm.exe PID: 6132, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegAsm.exe PID: 6132, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F1194D |
0_2_00007FF848F1194D |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F10B3C |
0_2_00007FF848F10B3C |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F14620 |
0_2_00007FF848F14620 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F19680 |
0_2_00007FF848F19680 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F1BD90 |
0_2_00007FF848F1BD90 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F105F0 |
0_2_00007FF848F105F0 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F24F03 |
0_2_00007FF848F24F03 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F11F30 |
0_2_00007FF848F11F30 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F24F50 |
0_2_00007FF848F24F50 |
Source: C:\Users\user\Desktop\project plan.exe |
Code function: 0_2_00007FF848F10F90 |
0_2_00007FF848F10F90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F6C19C |
3_2_00F6C19C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F6A100 |
3_2_00F6A100 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F693E0 |
3_2_00F693E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F634F3 |
3_2_00F634F3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F688C0 |
3_2_00F688C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F69841 |
3_2_00F69841 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F69CA1 |
3_2_00F69CA1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F66DDF |
3_2_00F66DDF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F68E97 |
3_2_00F68E97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F67E49 |
3_2_00F67E49 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F662EF |
3_2_00F662EF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F66300 |
3_2_00F66300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F688B0 |
3_2_00F688B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00F68F10 |
3_2_00F68F10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06146A38 |
3_2_06146A38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06143A70 |
3_2_06143A70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06146E90 |
3_2_06146E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06143EC8 |
3_2_06143EC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061472E8 |
3_2_061472E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614DAE8 |
3_2_0614DAE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144320 |
3_2_06144320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147740 |
3_2_06147740 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144778 |
3_2_06144778 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147B98 |
3_2_06147B98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144BD0 |
3_2_06144BD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061407C8 |
3_2_061407C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147FF0 |
3_2_06147FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145028 |
3_2_06145028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F028 |
3_2_0614F028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614E850 |
3_2_0614E850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06148448 |
3_2_06148448 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145480 |
3_2_06145480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F480 |
3_2_0614F480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061488A0 |
3_2_061488A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061458D8 |
3_2_061458D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F8D8 |
3_2_0614F8D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06148CF8 |
3_2_06148CF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145D30 |
3_2_06145D30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06149150 |
3_2_06149150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614ED68 |
3_2_0614ED68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06146188 |
3_2_06146188 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061495A8 |
3_2_061495A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061465E0 |
3_2_061465E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614CDE8 |
3_2_0614CDE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06146A29 |
3_2_06146A29 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614CA5F |
3_2_0614CA5F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614CA70 |
3_2_0614CA70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06143A60 |
3_2_06143A60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06146E80 |
3_2_06146E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06143EB9 |
3_2_06143EB9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061472D8 |
3_2_061472D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144310 |
3_2_06144310 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147733 |
3_2_06147733 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144768 |
3_2_06144768 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147B88 |
3_2_06147B88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06144BC1 |
3_2_06144BC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06147FE3 |
3_2_06147FE3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F013 |
3_2_0614F013 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145018 |
3_2_06145018 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06140037 |
3_2_06140037 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06148438 |
3_2_06148438 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06140040 |
3_2_06140040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614E840 |
3_2_0614E840 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145470 |
3_2_06145470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F470 |
3_2_0614F470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06148897 |
3_2_06148897 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614C0D9 |
3_2_0614C0D9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061458C8 |
3_2_061458C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614F8C9 |
3_2_0614F8C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06148CE9 |
3_2_06148CE9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06145D2B |
3_2_06145D2B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06149140 |
3_2_06149140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614617B |
3_2_0614617B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0614C180 |
3_2_0614C180 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061465D4 |
3_2_061465D4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06164608 |
3_2_06164608 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06162450 |
3_2_06162450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06160498 |
3_2_06160498 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06166588 |
3_2_06166588 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06160040 |
3_2_06160040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06164C58 |
3_2_06164C58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06162D00 |
3_2_06162D00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06166BD8 |
3_2_06166BD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061628A8 |
3_2_061628A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061608F0 |
3_2_061608F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161748 |
3_2_06161748 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061635B0 |
3_2_061635B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06167228 |
3_2_06167228 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061652A0 |
3_2_061652A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061693D2 |
3_2_061693D2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06163158 |
3_2_06163158 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06165F38 |
3_2_06165F38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06163FB8 |
3_2_06163FB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161FF8 |
3_2_06161FF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161BA0 |
3_2_06161BA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06167870 |
3_2_06167870 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061658E8 |
3_2_061658E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06162440 |
3_2_06162440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06160488 |
3_2_06160488 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06166578 |
3_2_06166578 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061645F8 |
3_2_061645F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06160006 |
3_2_06160006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06164C48 |
3_2_06164C48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06162CF1 |
3_2_06162CF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06166BC8 |
3_2_06166BC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06162898 |
3_2_06162898 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061608E0 |
3_2_061608E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161739 |
3_2_06161739 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061635A0 |
3_2_061635A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06167219 |
3_2_06167219 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06165290 |
3_2_06165290 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06163148 |
3_2_06163148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06165F29 |
3_2_06165F29 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06163FA9 |
3_2_06163FA9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161FE9 |
3_2_06161FE9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_06161B8F |
3_2_06161B8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0616785F |
3_2_0616785F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_061658D8 |
3_2_061658D8 |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.project plan.exe.16766a241c0.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.project plan.exe.16766a04378.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.project plan.exe.16766a04378.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.project plan.exe.16766a241c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000003.00000002.3220109247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.3220109247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.2170359604.000001676696F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2170359604.000001676696F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: project plan.exe PID: 1536, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: project plan.exe PID: 1536, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: RegAsm.exe PID: 6132, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegAsm.exe PID: 6132, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ifmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasmontr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mfc42u.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: authfwcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpolicyiomgr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: firewallapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcmonitor.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3cfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3api.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: onex.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappprxy.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwcfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: hnetmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netshell.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netsetupapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netiohlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: httpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshipsec.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: activeds.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: polstore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winipsec.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: adsldpc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: adsldpc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshwfp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2pnetsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2p.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rpcnsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: whhelper.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlancfg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlanapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wshelper.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: peerdistsh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wcmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mobilenetworking.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ktmw32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprmsg.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\project plan.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware, Inc. |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.7.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.7.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA II |
Source: Amcache.hve.7.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RegAsm.exe, 00000003.00000002.3220966436.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000009.00000003.2042868359.0000000000831000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.syshbin` |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: Amcache.hve.7.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: RegAsm.exe, 00000003.00000002.3221467298.0000000002E30000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: $]qEmultipart/form-data; boundary=------------------------8dc9b102694a6ea< |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.7.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: project plan.exe, 00000000.00000002.2169883533.00000167566CC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.7.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |