W3ndige

2019-08-26-Nanocore-config

Aug 26th, 2019
[+] Searching memory by Yara rules.
[+] Detect malware by Yara rules.
[+] Process Name : RegAsm.exe
[+] Process ID : 1816
[+] Malware name : Nanocore
[+] Base Address(VAD) : 0x400000
[+] Size : 0x38000
----------------------------------------------------------------------
Process: RegAsm.exe (1816)

[Config Info]
Version : 1.2.2.0
Mutex : 8de974fe015d424391265d0b68e76a20
Group : Default
Domain1 : gregvictor.hopto.org
Domain2 : 103.200.5.128
Port : 8776
RunOnStartup : Enable
RequestElevation : Disable
BypassUAC : Enable
ClearZoneIdentifier : Enable
ClearAccessControl : Disable
SetCriticalProcess : Disable
PreventSystemSleep : Enable
ActivateAwayMode : Disable
EnableDebugMode : Disable
RunDelay : 0
ConnectDelay : 4000
RestartDelay : 5000
TimeoutInterval : 5000
KeepAliveTimeout : 30000
MutexTimeout : 5000
LanTimeout : 2500
WanTimeout : 8000
BufferSize : ffff0000
MaxPacketSize : 0000a000
GCThreshold : 0000a000
UseCustomDNS : Enable
PrimaryDNSServer : 8.8.8.8
BackupDNSServer : 8.8.4.4