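Technical Information

Note: the `#` characters in the IP address and host names below appear to be masking applied by the publisher, so those entries are partial values rather than literal indicators to match on. Some entries repeat, presumably because the section headings that grouped them are not present in this listing.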
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'RegmonClass', WindowName: ''
- %TEMP%\zenar.exe
- '45.##3.217.148':65255
- 'ip###ger.org':80
- 'ip###ger.org':443
- 'ap#.ip.sb':443
- 'oc##.#ectigo.com':80
- http://ip###ger.org/1Ey5i7
- http://oc##.#ectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEGmjTouN%2FW5s3CDseaiw7qE%3D
- '45.##3.217.148':65255
- 'ip###ger.org':443
- 'ap#.ip.sb':443
- DNS ASK ip###ger.org
- DNS ASK ap#.ip.sb
- DNS ASK oc##.#ectigo.com
- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- '%TEMP%\zenar.exe'
- '%WINDIR%\syswow64\cmd.exe' /c (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'