Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
21-05-2022 12:11
General
-
Target
FT20200504 104835457 EMIRATE.exe
-
Size
633KB
-
MD5
0b9fffb2575af254598a1921a40c155c
-
SHA1
bd80b6c6e9d6134a4be8e69cd8dd644bbc57dfcc
-
SHA256
7fc1a736c594f6932e35c60e99b984b93280b68a48989683839ac1f25fe17d97
-
SHA512
dc09f18b3d6743f19a4ac5a7b34f4ad001b5ea8b53cf809745ce0e7e4706f0bb0542f72c6f284f9e0156add00dc6e990fe96e189c97511555bf307e2068f5d53
Score
10/10
Malware Config
Extracted
Family
nanocore
Version
1.2.2.0
C2
chaya.ddns.net:1960
185.140.53.208:1960
Mutex
d8052c0f-025c-473b-b040-53a55fb82415
Attributes
-
activate_away_mode
true
-
backup_connection_host
185.140.53.208
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-01-23T08:36:54.150343836Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1960
-
default_group
Risen One
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
d8052c0f-025c-473b-b040-53a55fb82415
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
chaya.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Signatures
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"2⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"4⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"5⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"7⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"8⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"9⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"9⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"10⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"10⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"11⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"11⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"12⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"13⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"14⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"15⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"16⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"17⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"17⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"17⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"18⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"19⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"19⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"19⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"22⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"23⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"24⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"28⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"29⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"29⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"30⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"31⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"32⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"32⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"34⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"35⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"36⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"37⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"38⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"39⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"39⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"40⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"40⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"40⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"41⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"42⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"43⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"44⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"44⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"44⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"45⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"46⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"47⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"48⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"49⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"50⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"51⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"52⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"53⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"54⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"55⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"56⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"57⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"58⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"59⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"60⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"61⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"62⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"63⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"64⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"64⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"65⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"66⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"67⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"68⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"69⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"70⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"71⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"72⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"73⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"75⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"76⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"77⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"78⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"78⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"79⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"80⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"81⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"82⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"83⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"84⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"85⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"86⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"87⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"88⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"89⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"90⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"91⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"92⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"93⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"94⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"95⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"96⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"97⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"98⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"98⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"98⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"98⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"99⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"99⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"100⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"101⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"102⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"103⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"104⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"105⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"106⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"107⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"107⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"108⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"109⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"109⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"110⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"110⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"110⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"111⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"111⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"111⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"112⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"113⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"114⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"115⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"116⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"117⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"118⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"119⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"119⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"120⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"121⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"121⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"121⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"122⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"122⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"123⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"123⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"124⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"124⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"124⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"125⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"125⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"126⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"126⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"127⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"127⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"128⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"128⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"129⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"129⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"130⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"130⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"131⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"131⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"132⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"132⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"133⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"133⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"134⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"135⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"135⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"136⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"136⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"137⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"137⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"138⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"138⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"139⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"139⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"140⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"140⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"140⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"141⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"141⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"141⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"142⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"142⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"143⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"143⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"144⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"144⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"145⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"145⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"145⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"145⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"146⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"146⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"146⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"147⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"147⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"148⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"148⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"149⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"149⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"149⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"150⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"150⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"151⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"151⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"152⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"152⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"152⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"152⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"153⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"153⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"154⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"154⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"155⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"155⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"156⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"156⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"157⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"157⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"158⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"158⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"159⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"159⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"160⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"160⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"161⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"161⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"161⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"161⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"162⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"162⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"163⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"163⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"164⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"164⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"165⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"165⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"166⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"166⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"167⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"167⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"167⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"168⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"168⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"169⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"169⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"170⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"170⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"171⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"171⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"172⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"172⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"173⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"173⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"174⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"174⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"175⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"175⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"175⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"175⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"176⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"176⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"177⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"177⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"177⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"178⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"178⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"178⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"179⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"179⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"180⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"180⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"181⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"181⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"182⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"182⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"182⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"183⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"183⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"184⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"184⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"184⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"184⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"185⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"185⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"186⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"186⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"187⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"187⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"188⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"188⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"189⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"189⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"190⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"190⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"191⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"191⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"191⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"192⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"192⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"192⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"192⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"193⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"193⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"194⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"194⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"194⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"195⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"195⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"196⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"196⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"197⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"197⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"197⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"198⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"198⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"199⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"199⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"200⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"200⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"201⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"201⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"201⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"201⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"201⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"202⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"202⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"203⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"203⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"204⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"204⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"204⤵
- Checks computer location settings
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"205⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"205⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"206⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"206⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"207⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"207⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"208⤵
-
C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"C:\Users\Admin\AppData\Local\Temp\FT20200504 104835457 EMIRATE.exe"208⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"209⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.logFilesize
1KB
MD584e77a587d94307c0ac1357eb4d3d46f
SHA183cc900f9401f43d181207d64c5adba7a85edc1e
SHA256e16024b092a026a9dc00df69d4b9bbcab7b2dc178dc5291fc308a1abc9304a99
SHA512aefb5c62200b3ed97718d20a89990954d4d8acdc0a6a73c5a420f1bba619cb79e70c2cd0a579b9f52dc6b09e1de2cea6cd6cac4376cfee92d94e2c01d310f691
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exeFilesize
636KB
MD5e9108c549e256d5ad0a1a937062a630b
SHA16a7d9eec7ef3561ac51f2b440af7ef2f647c6f49
SHA256754a51022eed720c942f3e8868d3d02c1f871955c9e07f19972c889270148728
SHA512ca365b8458af197c7b4d30ca10ab3437b0a862a9a4e17c8027fcb222406690ab1e558f63b4586e9c4c79fc667b7f86d8ee700aaf2ae1daffc7d38db063d32ec5
-
memory/420-181-0x0000000000000000-mapping.dmp
-
memory/724-187-0x0000000000000000-mapping.dmp
-
memory/756-141-0x0000000000000000-mapping.dmp
-
memory/892-175-0x0000000000000000-mapping.dmp
-
memory/1056-186-0x0000000000000000-mapping.dmp
-
memory/1160-163-0x0000000000000000-mapping.dmp
-
memory/1364-172-0x0000000000000000-mapping.dmp
-
memory/1380-203-0x0000000000000000-mapping.dmp
-
memory/1408-174-0x0000000000000000-mapping.dmp
-
memory/1440-184-0x0000000000000000-mapping.dmp
-
memory/1640-164-0x0000000000000000-mapping.dmp
-
memory/1648-158-0x0000000000000000-mapping.dmp
-
memory/1712-146-0x0000000000000000-mapping.dmp
-
memory/1900-165-0x0000000000000000-mapping.dmp
-
memory/1964-200-0x0000000000000000-mapping.dmp
-
memory/1980-192-0x0000000000000000-mapping.dmp
-
memory/1980-156-0x0000000000000000-mapping.dmp
-
memory/2020-147-0x0000000000000000-mapping.dmp
-
memory/2108-153-0x0000000000000000-mapping.dmp
-
memory/2132-204-0x0000000001800000-0x00000000018AB000-memory.dmpFilesize
684KB
-
memory/2132-205-0x0000000001800000-0x00000000018AB000-memory.dmpFilesize
684KB
-
memory/2176-143-0x0000000000000000-mapping.dmp
-
memory/2180-162-0x0000000000000000-mapping.dmp
-
memory/2236-180-0x0000000000000000-mapping.dmp
-
memory/2272-159-0x0000000000000000-mapping.dmp
-
memory/2332-185-0x0000000000000000-mapping.dmp
-
memory/2372-179-0x0000000000000000-mapping.dmp
-
memory/2404-193-0x0000000000000000-mapping.dmp
-
memory/2408-167-0x0000000000000000-mapping.dmp
-
memory/2432-155-0x0000000000000000-mapping.dmp
-
memory/2572-151-0x0000000000000000-mapping.dmp
-
memory/2612-154-0x0000000000000000-mapping.dmp
-
memory/2832-148-0x0000000000000000-mapping.dmp
-
memory/2860-178-0x0000000000000000-mapping.dmp
-
memory/2932-196-0x0000000000000000-mapping.dmp
-
memory/2972-188-0x0000000000000000-mapping.dmp
-
memory/3020-139-0x0000000000000000-mapping.dmp
-
memory/3128-161-0x0000000000000000-mapping.dmp
-
memory/3164-189-0x0000000000000000-mapping.dmp
-
memory/3460-202-0x0000000000000000-mapping.dmp
-
memory/3504-183-0x0000000000000000-mapping.dmp
-
memory/3516-190-0x0000000000000000-mapping.dmp
-
memory/3544-176-0x0000000000000000-mapping.dmp
-
memory/3572-199-0x0000000000000000-mapping.dmp
-
memory/3584-160-0x0000000000000000-mapping.dmp
-
memory/3628-201-0x0000000000000000-mapping.dmp
-
memory/3688-157-0x0000000000000000-mapping.dmp
-
memory/3692-191-0x0000000000000000-mapping.dmp
-
memory/3700-166-0x0000000000000000-mapping.dmp
-
memory/3704-197-0x0000000000000000-mapping.dmp
-
memory/3748-170-0x0000000000000000-mapping.dmp
-
memory/3760-171-0x0000000000000000-mapping.dmp
-
memory/3872-198-0x0000000000000000-mapping.dmp
-
memory/4044-131-0x0000000002710000-0x0000000002713000-memory.dmpFilesize
12KB
-
memory/4044-132-0x00000000028A0000-0x00000000028A3000-memory.dmpFilesize
12KB
-
memory/4044-130-0x0000000000300000-0x00000000003A4000-memory.dmpFilesize
656KB
-
memory/4060-144-0x0000000000000000-mapping.dmp
-
memory/4068-194-0x0000000000000000-mapping.dmp
-
memory/4108-182-0x0000000000000000-mapping.dmp
-
memory/4212-152-0x0000000000000000-mapping.dmp
-
memory/4244-173-0x0000000000000000-mapping.dmp
-
memory/4252-150-0x0000000000000000-mapping.dmp
-
memory/4400-145-0x0000000000000000-mapping.dmp
-
memory/4488-177-0x0000000000000000-mapping.dmp
-
memory/4652-195-0x0000000000000000-mapping.dmp
-
memory/4708-169-0x0000000000000000-mapping.dmp
-
memory/4732-136-0x0000000004E40000-0x0000000004ED2000-memory.dmpFilesize
584KB
-
memory/4732-138-0x0000000004EF0000-0x0000000004EFA000-memory.dmpFilesize
40KB
-
memory/4732-137-0x0000000005000000-0x000000000509C000-memory.dmpFilesize
624KB
-
memory/4732-134-0x0000000000400000-0x000000000047E000-memory.dmpFilesize
504KB
-
memory/4732-135-0x0000000005510000-0x0000000005AB4000-memory.dmpFilesize
5.6MB
-
memory/4732-133-0x0000000000000000-mapping.dmp
-
memory/4908-140-0x0000000000000000-mapping.dmp
-
memory/5092-149-0x0000000000000000-mapping.dmp