Play interactive tour

Edit tour

Analysis Report nmap-7.80-setup.exe

Overview

General Information

Joe Sandbox Version:	28.0.0 Lapis Lazuli
Analysis ID:	214270
Start date:	10.03.2020
Start time:	14:11:29
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	nmap-7.80-setup.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus24.troj.evad.winEXE@1/289@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 97.4%) Quality average: 86.5% Quality standard deviation: 23.6%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Timeout during Intezer genetic analysis for /opt/package/joesandbox/database/analysis/214270/sample/nmap-7.80-setup.exe Timeout during Intezer genetic analysis for unpackpe/0.2.nmap-7.80-setup.exe.1e0000.0.unpack

Detection

Strategy	Score	Range	Reporting	Whitelisted	Detection
Threshold	24	0 - 100		false

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	4	0 - 5	false

Classification Spiderchart

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Graphical User Interface11	Winlogon Helper DLL	Process Injection1	Masquerading1	Credential Dumping	Query Registry1	Remote Desktop Protocol1	Clipboard Data1	Data Encrypted11	Standard Cryptographic Protocol1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Replication Through Removable Media	Service Execution	Port Monitors	Accessibility Features	Virtualization/Sandbox Evasion11	Network Sniffing	Virtualization/Sandbox Evasion11	Remote Services	Data from Removable Media	Exfiltration Over Other Network Medium	Remote Access Tools1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
External Remote Services	Windows Management Instrumentation	Accessibility Features	Path Interception	Process Injection1	Input Capture	Process Discovery1	Windows Remote Management	Data from Network Shared Drive	Automated Exfiltration	Custom Cryptographic Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Drive-by Compromise	Scheduled Task	System Firmware	DLL Search Order Hijacking	Obfuscated Files or Information	Credentials in Files	Security Software Discovery111	Logon Scripts	Input Capture	Data Encrypted	Multiband Communication	SIM Card Swap		Premium SMS Toll Fraud
Exploit Public-Facing Application	Command-Line Interface	Shortcut Modification	File System Permissions Weakness	Masquerading	Account Manipulation	File and Directory Discovery3	Shared Webroot	Data Staged	Scheduled Transfer	Standard Cryptographic Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Spearphishing Link	Graphical User Interface	Modify Existing Service	New Service	DLL Search Order Hijacking	Brute Force	System Information Discovery4	Third-party Software	Screen Capture	Data Transfer Size Limits	Commonly Used Port	Jamming or Denial of Service		Abuse Accessibility Features

Signature Overview

Click to jump to signature section

Cryptography:

Public key (encryption) found

Show sources

Source: nmap-service-probes.0.dr

Binary or memory string: match r1soft-cdp m|^\0\0\x01.R.\x02\n.\x08\xa3\x80\x04\x10.\x18\0 [\0\x01]\*.(.*?)\x10\0\x1a\x90\x02-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ|s p/R1Soft Continuous Data Protection Agent/ i/name: $P(1)/ cpe:/a:r1soft:cdp/

Spreading:

Contains functionality to enumerate / list files inside a directory

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405646
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_0040601C FindFirstFileA,FindClose,	0_2_0040601C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_00402671 FindFirstFileA,	0_2_00402671

Networking:

Found strings which match to known social media urls

Show sources

Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: -- \| www.facebook.com equals www.facebook.com (Facebook)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: -- \| www.twitter.com equals www.twitter.com (Twitter)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: -- \| www.youtube.com equals www.youtube.com (Youtube)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: -- \|_www.linkedin.com equals www.linkedin.com (Linkedin)

Urls found in memory or binary data

Show sources

Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://%s/wpad.dat
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://1.2.3.110:5357/deadbeef-469b-4da4-b413-deadbeefee90/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://1.2.3.114:52323/dmr.xml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://1.2.3.116:50000
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://1.2.3.131:5357/deadbeef-ea5c-4b9a-a68d-deadbeefceb3/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://1.2.3.50:8200/rootDesc.xml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://192.168.1.1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://192.168.1.162/auth1/index.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://192.168.1.162/auth2/index.html
Source: nmap-os-db.0.dr	String found in binary or memory: http://192.168.100.1/cmOpenSource.htm:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-ip6-arpa-scan.nse.0.dr	String found in binary or memory: http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.4.2
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://aluigi.altervista.org/papers.htm#ase
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://aluigi.altervista.org/papers.htm#ventrilo
Source: nmap-service-probes.0.dr	String found in binary or memory: http://any.openlookup.net:5851/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://apache.org/dav/props/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://apr.apache.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://aqua.comptek.ru
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://avahi.org/ticket/325
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://bfilter.sourceforge.net/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://bitcoin.org/en/alert/2012-02-18-protocol-change
Source: nmap-service-probes.0.dr	String found in binary or memory: http://bitlash.net/wiki/bitlashwebserver
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://bittorrent.org/beps/bep_0029.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://blog.hekkers.net/2011/06/13/controlling-the-av-receiver/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://bugs.proftpd.org/show_bug.cgi?id=3521
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://bukkit.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://calder0n.com/sillyapp/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://calder0n.com/sillyapp/secret/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://calder0n.com/sillyapp/secret/2.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://calder0n.com/sillyapp/three.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://capec.mitre.org/data/definitions/274.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cassandra.apache.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://ceph.com/docs/next/dev/network-protocol/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://code.google.com/apis/safebrowsing/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://code.google.com/apis/safebrowsing/key_signup.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://code.google.com/p/free-android-apps/wiki/Project_LocalHTTPD
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://code.google.com/p/fuzzdb/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://code.google.com/p/libdnet/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://code.google.com/p/mongoose/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://code.google.com/p/unraid-unmenu/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://code.google.com/p/webfinger/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://comments.gmane.org/gmane.comp.security.openvas.users/3189
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://comments.gmane.org/gmane.comp.security.openwall.john.user/785):
Source: nmap-service-probes.0.dr	String found in binary or memory: http://community.landesk.com/support/docs/DOC-1591
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cr.yp.to/djbdns/axfr-notes.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2011-2523
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1823
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.dr	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3922
Source: afp-path-vuln.nse.0.dr	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0533
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0049
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cvedetails.com/cve/2013-0156/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cvedetails.com/cve/2014-2126/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cvedetails.com/cve/2014-2127/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cvedetails.com/cve/2014-2128/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cvedetails.com/cve/2014-2129/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://cwe.mitre.org/data/definitions/601.html.
Source: nmap-service-probes.0.dr	String found in binary or memory: http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::Handshake
Source: nmap-service-probes.0.dr	String found in binary or memory: http://dev.mysql.com/doc/internals/en/packet-ERR_Packet.html#cs-packet-err-header
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bacnet-info.nse.0.dr	String found in binary or memory: http://digitalbond.com
Source: nmap-service-probes.0.dr	String found in binary or memory: http://docs.getisymphony.com/display/ISYM28/Status
Source: nmap-service-probes.0.dr	String found in binary or memory: http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp-spec.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://docs.unity3d.com/Documentation/Manual/SecuritySandbox.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://documents.opto22.com/1465_OptoMMP_Protocol_Guide.pdf
Source: nmap-service-probes.0.dr	String found in binary or memory: http://dovecot.procontrol.fi/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://echelon.pl/pubs/poppassd.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://epos.ure.cas.cz/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://erlang.org/doc/apps/erts/erl_dist_protocol.html#id90729
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://expat.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://files.sharpusa.com/Downloads/ForHome/HomeEntertainment/LCDTVs/Manuals/tel_man_LC70LE734U.pdf
Source: nmap-service-probes.0.dr	String found in binary or memory: http://flightsim.apollo3.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://foo.pl/forms/page.php?param=13
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://foobar.gazonk.se/xss.php?foo=bar&kalle=john
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://foolscap.lothar.com/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://forum.ragezone.com/f440/guide-mini-setup-1-35-a-494256/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://freenetproject.org/fcp.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://frox.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://ftp.freebsd.org/pub/FreeBSD/distfiles/postgresql/postgresql-$ver.tar.bz2
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://ftp.rge.com/pub/X/X11R5/contrib/xwebster.README
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://fyrmassociates.com/tools.html).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://ganglia.sourceforge.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, deluge-rpc-brute.nse.0.dr	String found in binary or memory: http://git.deluge-torrent.org/deluge/tree/deluge/rencode.py
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy-1.4.git;a=commitdiff;h=844a7e76d2557364e6d34d00027f2fa514b9d855;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=027a85bb03c5524e62c50e228412d9be403d7f98;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b301654e237c358e892db32c4ac449b42550d79b;hp
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy-1.6.git;a=commitdiff;h=108b1dd69d4e26312af465237487bdb855b0de60
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/proto_http.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=791d66d3634dde12339d4294aff55a1aed7518e3;hp=b9e
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.dr	String found in binary or memory: http://github.com/anotherperson/anotherepo
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.dr	String found in binary or memory: http://github.com/someuser/somerepo
Source: nmap-service-probes.0.dr	String found in binary or memory: http://gmc.yoyogames.com/index.php?showtopic=657080
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://grey-corner.blogspot.com/2010/12/introducing-vulnserver.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://gursevkalra.blogspot.com/2013/08/bypassing-same-origin-policy-with-flash.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13207/bpl13207.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf
Source: nmap-service-probes.0.dr	String found in binary or memory: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj01014
Source: http-slowloris-check.nse.0.dr	String found in binary or memory: http://ha.ckers.org/slowloris/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.dr	String found in binary or memory: http://ha.ckers.org/slowloris/).
Source: nmap-service-probes.0.dr	String found in binary or memory: http://hackingteam.it/index.php/remote-control-system
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-huawei-hg5xx-vuln.nse.0.dr	String found in binary or memory: http://hakim.ws).
Source: nmap-service-probes.0.dr	String found in binary or memory: http://hg.barrelfish.org/file/tip/usr/webserver/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, firewall-bypass.nse.0.dr	String found in binary or memory: http://home.regit.org/2012/03/playing-with-network-layers-to-bypass-firewalls-filtering-policy/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.dr	String found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_status.html
Source: http-passwd.nse.0.dr	String found in binary or memory: http://insecure.org/news/P55-01.txt.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://int64.org/docs/gamestat-protocols/ase.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://ip.robtex.com/.
Source: nmap-service-probes.0.dr	String found in binary or memory: http://java.decompiler.free.fr/?q=node/626
Source: nmap-service-probes.0.dr	String found in binary or memory: http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-20
Source: nmap-service-probes.0.dr	String found in binary or memory: http://l2jserver.com/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://last-another-life.ru:8080/index.php)
Source: nmap-service-probes.0.dr	String found in binary or memory: http://lingua.utdallas.edu/encore
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://lua-users.org/wiki/TableUtils
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://mc.kev009.com/Server_List_Ping
Source: nmap-service-probes.0.dr	String found in binary or memory: http://mldonkey.berlios.de/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://mmonit.com/monit/documentation/monit.html#monit_httpd
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://mumble.sourceforge.net/Protocol.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-hid-discoveryd.nse.0.dr	String found in binary or memory: http://nosedookie.blogspot.com/2011/07/identifying-and-querying-hid-vertx.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://nsclient.ready2run.nl/
Source: nmap-7.80-setup.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: nmap-7.80-setup.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0H
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: nmap-service-probes.0.dr	String found in binary or memory: http://olsr.org/?q=txtinfo_plugin
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://ompldr.org/vZGxxaQ
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://outlet.creare.com/rbnb/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://packages.debian.org/unstable/net/ident2.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://packetstormsecurity.com/files/91243/D-Link-DAP-1160-Unauthenticated-Remote-Configuration.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://php.net/manual/en/reserved.variables.server.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://phpsadness.com/sad/11
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://plcremote.net/143-2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://purenetworks.com/HNAP1/GetDeviceSettings
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://purenetworks.com/HNAP1/GetDeviceSettings2
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://purenetworks.com/HNAP1/IsDeviceReady
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://purenetworks.com/HNAP1/SetDeviceSettings
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://purenetworks.com/HNAP1/SetDeviceSettings2
Source: nmap-service-probes.0.dr	String found in binary or memory: http://radiothermostat.com/documents/RTCOAWiFIAPIV1_3.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://reports.fb.com/hpkp/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://rfc.zeromq.org/spec:15
Source: http-huawei-hg5xx-vuln.nse.0.dr	String found in binary or memory: http://routerpwn.com/#huawei
Source: nmap-service-probes.0.dr	String found in binary or memory: http://rrp.rom.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://rsync.samba.org
Source: nmap-os-db.0.dr	String found in binary or memory: http://s2soft.com/boundless/anetterm.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://scanme.insecure.org)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://scanme.nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://scanme.nmap.org/shared/css/insecdb.css
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://scanme.nmap.org:80/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/fulldisclosure/2009/May/att-134/IIS_Advisory_pdf.bin
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/fulldisclosure/2010/Oct/119
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/fulldisclosure/2010/Oct/119.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2009/q3/0685.html).
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2010/q1/456
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2010/q2/465
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2010/q2/753
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2010/q4/401
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2010/q4/445
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2010/q4/518
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2012/q2/971
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2012/q3/903.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2013/q1/360
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2013/q2/413
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2013/q2/7
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2013/q3/72
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/nmap-dev/2013/q4/292
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://seclists.org/nmap-dev/2015/q2/47
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://seclists.org/oss-sec/2014/q3/685
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://sf.net/projects/apmud
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://sh0dan.org/oldfiles/hackingcitrix.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://shrubbery.mynetgear.net/c/display/W/JBoss
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://silcnet.org
Source: nmap-service-probes.0.dr	String found in binary or memory: http://simp.mitre.org/drafts/antp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://site.pi3.com.pl/adv/libopie-adv.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://software-security.sans.org/blog/2011/05/02/spot-vuln-percentage
Source: nmap-service-probes.0.dr	String found in binary or memory: http://solutions.3m.com/wps/portal/3M/en_US/library/home/resources/protocols/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://some-random-page.com/admin/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://some-random-page.com/foo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://some-random-page.com/p.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://some-very-random-page.com/foo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://some-very-random-page.com:80/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://sourceforge.net/projects/gameq/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://sourceforge.net/projects/open-ftpd/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://srv.nease.net/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://staff.science.uva.nl/~arnoud/activities/NaoIntro/ConnectLantronix.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://subversion.apache.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://supercluster.org/maui
Source: nmap-service-probes.0.dr	String found in binary or memory: http://supercluster.org/torque
Source: afp-path-vuln.nse.0.dr	String found in binary or memory: http://support.apple.com/kb/HT1222
Source: nmap-os-db.0.dr	String found in binary or memory: http://support.apple.com/kb/HT4448
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://support.apple.com/kb/ts1629
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://support.code42.com/CrashPlan/Latest/Configuring/Network#Networking_FAQs
Source: nmap-service-probes.0.dr	String found in binary or memory: http://support.lexmark.com/index?page=content&id=FA642
Source: nmap-service-probes.0.dr	String found in binary or memory: http://support.nuuo.com/mediawiki/index.php/Remote_desktop
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/httpd/httpd.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup
Source: nmap-service-probes.0.dr	String found in binary or memory: http://titanfiesta.googlecode.com/svn/trunk/TitanFiesta/Common/XorTable.h.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Source: http-rfi-spider.nse.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc13?
Source: nmap-service-probes.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc2748#section-2.1
Source: nmap-service-probes.0.dr	String found in binary or memory: http://udk.openoffice.org/common/man/spec/urp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-huawei-hg5xx-vuln.nse.0.dr	String found in binary or memory: http://underground.org.mx)
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://web.cip.com.br/flaviovs/boproto.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1013.
Source: http-huawei-hg5xx-vuln.nse.0.dr	String found in binary or memory: http://websec.ca/advisories/view/Huawei-HG520c-3.10.18.x-information-disclosure
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://websec.ca/advisories/view/path-traversal-vulnerability-tplink-wdr740
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://websec.ca/advisories/view/xss-vulnerabilities-mantisbt-1.2.x
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-trane-info.nse.0.dr	String found in binary or memory: http://websec.mx/publicacion/blog/Scripts-de-Nmap-para-Trane-Tracer-SC-HVAC
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://wiki.apache.org/couchdb/HTTP_database_API.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://wiki.apache.org/couchdb/Runtime_Statistics
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://wiki.gnashdev.org/RTMP
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://wiki.slimdevices.com/index.php/CLI
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://wiki.vg/Pocket_Minecraft_Protocol#ID_UNCONNECTED_PING_OPEN_CONNECTIONS_.280x1C.29
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://wiki.vuze.com/w/Distributed_hash_table#PING
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://wiki.wireshark.org/TeamSpeak2
Source: nmap-service-probes.0.dr	String found in binary or memory: http://wiki.yobi.be/wiki/Belgian_eID
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21248026
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/init.htm
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www-912.ibm.com/s_dir/slkbase.NSF/0/387a6235643483f186256fee005d4c2c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.01tech.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.0php.com/php_easter_egg.php.
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.3w.net/lan/faq.html
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.a-tecsubsystem.com/websys/atec/web/products.jsp?prodId=1191910612953
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.acarsd.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.adaptivecomputing.com/blog-hpc/torque-protocols/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-traceroute.nse.0.dr	String found in binary or memory: http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.amx.com/products/AVB-RX-DXLINK-HDMI.asp
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.amx.com/products/NI-3100.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.apache.org/licenses/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.apcupsd.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.asciitable.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bacnet-info.nse.0.dr	String found in binary or memory: http://www.bacnet.org/VendorID/BACnet%20Vendor%20IDs.htm
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.beaconmedaes.com
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.beatpro.dk
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.beck-ipc.com/en/products/index.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.benjamin-erb.de
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.benjamin-erb.de/nmap_xsl.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, hostmap-bfk.nse.0.dr	String found in binary or memory: http://www.bfk.de/bfk_dnslogger.html.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.blackhatacademy.org/security101/Cold_Fusion_Hacking
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.brainz.co.kr/product/infra_05.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.bzip.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.cairographics.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.cakephp.org/.
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.citynet.ru/citynet-sv.3
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-open-proxy.nse.0.dr	String found in binary or memory: http://www.computerhistory.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.computerpokercompetition.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.contextis.com/research/blog/reverseproxybypass/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.corepointhealth.com/resource-center/hl7-resources/mlp-minimum-layer-protocol
Source: afp-path-vuln.nse.0.dr	String found in binary or memory: http://www.cqure.net/wp/2010/03/detecting-apple-mac-os-x-afp-vulnerability-cve-2010-0533-with-nmap
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.crossmatch.com/products_singlescan_vE.html)
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.csie.ntu.edu.tw/~cjlin/liblinear/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://www.cups.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.ducea.com/2008/11/24/drac-ip-port-numbers/.
Source: nmap-os-db.0.dr	String found in binary or memory: http://www.ecoscentric.com/ecos/examples.shtml
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.erlang.org/doc/man/inets.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.eterlogic.com/Products.VSPE.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.everyhue.com/vanilla/discussion/112/other-open-ports-on-the-bridge/p1
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.ex-parrot.com/~chris/tpop3d/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/1244/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/13850/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/15130/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/15449/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/16103/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/17324/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/1997/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.exploit-db.com/exploits/30085/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.fastpath.it/products/palantir/index.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.feross.org/cmsploit/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://www.filemaker.com/ti/104289.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.fontconfig.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.foxgate.ua/downloads/FoxGate%20S6224-S2%20user%20manual.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.freetype.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.freetype.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.frozen-bubble.org/servers/servers.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.fukt.bth.se/~per/identd
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.galaxysys.com/data/docs/SG%20Software%20User%20Guide%20%2810.4%29.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.gdsatcom.com/cte_r8000b.php
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.getingeasia.com/products/healthcare-products/traceability-asset-management/t-doc-2000
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.gnu.org/software/gettext/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.gnu.org/software/libiconv/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-open-proxy.nse.0.dr	String found in binary or memory: http://www.google.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.gtk.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.hazelcast.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.iana.org/assignments/enterprise-numbers
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-igmp-discovery.nse.0.dr	String found in binary or memory: http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xml
Source: nmap-protocols.0.dr	String found in binary or memory: http://www.iana.org/assignments/protocol-numbers
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.icbevr.com/ibank/ibank2/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.ietf.org/internet-drafts/draft-martin-managesieve-04.txt
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.ietf.org/rfc/rfc3080.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.ietf.org/rfc/rfc4892.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.ietf.org/rfc/rfc5001.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.ijg.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.imperva.com/resources/glossary/http_verb_tampering.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://www.inside-security.de/fw1_rdp_poc.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.jabaco.org/board/p2043-orpg-in-jabaco-applet.html#post2043
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.dr	String found in binary or memory: http://www.javaop.com/Nationalmuseum.jpg
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.dr	String found in binary or memory: http://www.javaop.com/topleft.jpg
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.kb.cert.org/vuls/id/154421
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.kb.cert.org/vuls/id/787932
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.libpng.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.librelp.com/relp.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.libtiff.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.lua.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.macports.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.macromedia.com/2005/amfx
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-drupal-enum-users.nse.0.dr	String found in binary or memory: http://www.madirish.net/node/465
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.marss.eu/app/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.masnun.com/2014/02/23/using-phpstorm-from-command-line.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.metasploit.com/modules/exploit/freebsd/ftp/proftp_telnet_iac
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.mj2.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.mkit.com.ar/labs/htexploit/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.mobilemouse.com/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.monetdb.org/Documentation/monetdbd
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.mongodb.org/display/DOCS/Mongo
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.monkeyz.eu/projects/netsoul_spec.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.nazgul.ch/dev_nostromo.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.openssl.org/
Source: 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.openssl.org/)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, libeay32.dll.0.dr	String found in binary or memory: http://www.openssl.org/V
Source: libeay32.dll.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.openwall.com/lists/oss-security/2014/09/24/10
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, ajp-methods.nse.0.dr	String found in binary or memory: http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.papouch.com/shop/scripts/soft/tmedotnet/readme.asp
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.pcre.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.phy.duke.edu/~rgb/brahma/Resources/xmlsysd.php
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.postcastserver.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.privoxy.org
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.psc.edu/index.php/hpn-ssh
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.pygtk.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.python.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.qosient.com/argus/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.rabbitmq.com/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.rabbitmq.com/extensions.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.rfc-editor.org/rfc/rfc1035.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.robtex.com/dns/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.securityfocus.com/bid/37351
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.securityfocus.com/bid/70595
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.skullsecurity.org/blog/?p=271
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.slimdevices.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.dr	String found in binary or memory: http://www.some-random-page.com/2011/11/20/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.dr	String found in binary or memory: http://www.some-random-page.com/2011/12/04/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.dr	String found in binary or memory: http://www.some-random-page.com/category/animalsfeed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.dr	String found in binary or memory: http://www.some-random-page.com/comments/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-feed.nse.0.dr	String found in binary or memory: http://www.some-random-page.com/feed/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.sorbs.net/lookup.shtml?1.2.3.4
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.space-walrus.com/games/Minebuilder
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.sqlite.org/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.st.rim.or.jp/~nakata/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, daap-get-library.nse.0.dr	String found in binary or memory: http://www.tapjam.net/daap/.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.tcpdump.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.team-cymru.org/Services/ip-to-asn.html#dns.
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: http://www.teamviewer.com/en/help/334-Which-ports-are-used-by-TeamViewer.aspx
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-tellstick-discover.nse.0.dr	String found in binary or memory: http://www.telldus.com/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.tmail.spb.ru/index-19.htm
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.tty1.net/smtp-survey/measurement_en.html
Source: nmap-service-probes.0.dr	String found in binary or memory: http://www.ubicom.com/home.htm
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.usefulutilities.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.virustotal.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.webappsec.org/projects/articles/071105.shtml
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://www.winimage.com/zLibDll
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: http://www.winimage.com/zLibDll0s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.winpcap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.winpcap.org/misc/copyright.htm.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-negotiation.nse.0.dr	String found in binary or memory: http://www.wisec.it/sectou.php?id=4698ebdc59d15
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.x.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://www.zerodayinitiative.com/advisories/ZDI-11-113/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://www.zlib.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: http://www.zytrax.com/books/dns/
Source: nmap-service-probes.0.dr	String found in binary or memory: http://xaxxon.slackworks.com/ehs/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: http://xbtt.sourceforge.net/udp_tracker_protocol.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, 3rd-party-licenses.txt.0.dr	String found in binary or memory: http://xmlsoft.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://android.googlesource.com/platform/system/core/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, bitcoinrpc-info.nse.0.dr	String found in binary or memory: https://bitcointalk.org/?topic=1327.0
Source: nmap-service-probes.0.dr	String found in binary or memory: https://bitcointalk.org/index.php?topic=55852.0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.dr	String found in binary or memory: https://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://bugs.torproject.org/16861
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://bugs.torproject.org/7351
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://bugzilla.clamav.net/show_bug.cgi?id=11585
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://code.google.com/p/domxsswiki/wiki/LocationSources
Source: nmap-service-probes.0.dr	String found in binary or memory: https://community.oracle.com/thread/1906656?start=0&tstart=0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-slowloris-check.nse.0.dr	String found in binary or memory: https://community.qualys.com/blogs/securitylabs/2011/07/07/identifying-slow-http-attack-vulnerabilit
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-meta
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://community.rapid7.com/docs/DOC-1516
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://computing.llnl.gov/linux/slurm/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cr.yp.to/ftp/syst.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://crt.sh).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4221
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2861
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://developer.jboss.org/wiki/Mod-ClusterManagementProtocol
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://distcc.github.io/security.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://dnscurve.org/nsec3walker.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://docs.docker.com/reference/api/docker_remote_api/
Source: nmap-service-probes.0.dr	String found in binary or memory: https://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://docs.oracle.com/javase/9/docs/specs/rmi/protocol.html
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/BIP_0014
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/BIP_0060
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/Changelog
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/Protocol_specification#Message_structure
Source: nmap-service-probes.0.dr	String found in binary or memory: https://en.bitcoin.it/wiki/Protocol_specification#version
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f
Source: nmap-service-probes.0.dr	String found in binary or memory: https://git.torproject.org/checkout/tor/master/doc/spec/dir-spec.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/Ayms/node-Tor
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/UnaPibaGeek/ctfr.git)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/ael-code/daikin-control
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, enip-info.nse.0.dr	String found in binary or memory: https://github.com/avsej/wireshark/blob/master/epan/dissectors/packet-enip.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/clementine-player/Android-Remote/wiki/Developer-Documentation
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/cobyism/edimax-br-6528n/blob/master/AP/RTL8196C_1200/mp-daemon/UDPserver.c
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-hid-discoveryd.nse.0.dr	String found in binary or memory: https://github.com/coldfusion39/VertXploit
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/elvanderb/TCP-32764
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/elvanderb/TCP-32764/issues/98
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/esnet/iperf/wiki/IperfProtocolStates#test-initiation
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.dr	String found in binary or memory: https://github.com/github/gitignore
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/haiwen/ccnet
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/irsdl/IIS-ShortName-Scanner
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/kanaka/websockify
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.dr	String found in binary or memory: https://github.com/michenriksen/nmap-scripts
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/miracle2k/onkyo-eiscp/blob/master/eiscp-commands.yaml
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/ninjasphere/driver-go-chromecast
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/nmap/nmap/pull/1083
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, enip-info.nse.0.dr	String found in binary or memory: https://github.com/paperwork/pyenip)
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/quasar/QuasarRAT/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/quine/GoProGTFO
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_back
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/rasteron/PyLime
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/sensepost/mainframe_brute).
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://github.com/tvdw/gotor
Source: nmap-service-probes.0.dr	String found in binary or memory: https://github.com/znc/znc/commit/087f01e99b9a1523a2962e05e4e878de0a41a367
Source: nmap-service-probes.0.dr	String found in binary or memory: https://gitweb.torproject.org/tor.git/tree/ChangeLog:
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/214-longer-circids.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/251-netflow-padding.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://gitweb.torproject.org/torspec.git/tree/proposals/254-padding-negotiation.txt
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://groups.google.com/forum/?fromgroups=#
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/5c004250995a6ae10000000a42189b/frameset.htm
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://issues.igniterealtime.org/browse/OF-811
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://lists.torproject.org/pipermail/tor-dev/2015-January/008135.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://m.some-very-random-website.com
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.dr	String found in binary or memory: https://maps.google.com/maps?q=%s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-exif-spider.nse.0.dr	String found in binary or memory: https://maps.google.com/maps?q=49.94125
Source: nmap-protocols.0.dr, nmap-service-probes.0.dr	String found in binary or memory: https://nmap.org
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/5/#5changes
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/5/#5changes:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/book/install.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/book/install.html:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/book/man-bugs.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/book/man-bugs.html:
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-git.nse.0.dr, cics-user-enum.nse.0.dr, nmap-service-probes.0.dr	String found in binary or memory: https://nmap.org/book/man-legal.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/book/nse.html)
Source: nmap-os-db.0.dr	String found in binary or memory: https://nmap.org/book/osdetect.html.
Source: nmap-service-probes.0.dr	String found in binary or memory: https://nmap.org/book/vscan-community.html
Source: nmap-service-probes.0.dr	String found in binary or memory: https://nmap.org/book/vscan.html.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/changelog.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/changelog.html:
Source: nmap-service-probes.0.dr	String found in binary or memory: https://nmap.org/data/COPYING
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/install/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-joomla-brute.nse.0.dr	String found in binary or memory: https://nmap.org/nsedoc/lib/brute.html)
Source: ajp-methods.nse.0.dr	String found in binary or memory: https://nmap.org/nsedoc/scripts/ajp-methods.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/r/fbsd-sa-opie.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nmap.org/r/ms09-020.
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, nmap-os-db.0.dr	String found in binary or memory: https://nmap.org/submit/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-client-subnet-scan.nse.0.dr	String found in binary or memory: https://nmap.org/svn/docs/licenses/BSD-simplified
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nvd.nist.gov/cpe.cfm)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2004-2687
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2010-2861
Source: nmap-service-probes.0.dr	String found in binary or memory: https://oss.oracle.com/projects/rds/dist/documentation/rds-3.1-spec.html
Source: nmap-service-probes.0.dr	String found in binary or memory: https://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.halc001%2Fmcc
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/api/lookup?client=%s&apikey=%s&appver=1.5.2&pver=3.0&url=%s
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://seclists.org/fulldisclosure/2011/Aug/175
Source: nmap-os-db.0.dr	String found in binary or memory: https://secure.airaya.com/proddetail.asp?prod=AI108-4958-O-300
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-jsonp-detection.nse.0.dr	String found in binary or memory: https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://spec.torproject.org/torspec
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://support.f5.com/csp/article/K6917
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14815.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, broadcast-sonicwall-discover.nse.0.dr	String found in binary or memory: https://support.software.dell.com/kb/sw3677)
Source: nmap-service-probes.0.dr	String found in binary or memory: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http/http_protocol.c
Source: http-svn-info.nse.0.dr	String found in binary or memory: https://svn.nmap.org
Source: http-svn-info.nse.0.dr	String found in binary or memory: https://svn.nmap.org/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://svn.nmap.org/nmap-exp/gyani/misc/drupal-update.py
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	String found in binary or memory: https://svn.nmap.org/nmap/COPYING
Source: nmap-7.80-setup.exe, 00000000.00000003.4342889325.00000000006D3000.00000004.00000001.sdmp	String found in binary or memory: https://svn.nmap.org/nmap/COPYING)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-eastlake-kitchen-sink-02
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6690
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6698
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7252
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-client-subnet-scan.nse.0.dr	String found in binary or memory: https://tools.ietf.org/html/rfc7871
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://twitter.com/nitr0usmx/status/740673507684679680
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3704
Source: nmap-service-probes.0.dr	String found in binary or memory: https://wiki.freenetproject.org/FCPv2
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://wiki.jenkins.io/display/JENKINS/Auto-discovering
Source: nmap-service-probes.0.dr	String found in binary or memory: https://wiki.wireshark.org/OpenFlow
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www-01.ibm.com/support/knowledgecenter/SSGMCP_5.2.0/com.ibm.cics.ts.systemprogramming.doc/to
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, zlibwapi.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, dns-random-srcport.nse.0.dr	String found in binary or memory: https://www.dns-oarc.net/oarc/services/porttest).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.dns-oarc.net/oarc/services/txidtest).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.drupal.org/SA-CORE-2014-005
Source: nmap-service-probes.0.dr	String found in binary or memory: https://www.eso.org/projects/dfs/dfs-shared/web/ngas/;
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.exploit-db.com/exploits/12721/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, http-apache-server-status.nse.0.dr	String found in binary or memory: https://www.exploit-db.com/ghdb/1355/
Source: nmap-service-probes.0.dr	String found in binary or memory: https://www.google.com/patents/US20070250671
Source: nmap-service-probes.0.dr	String found in binary or memory: https://www.kernel.org/pub/software/admin/mon/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://www.linuxsampler.org/api/draft-linuxsampler-protocol.html
Source: nmap-service-probes.0.dr	String found in binary or memory: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=733
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.owasp.org/index.php/Test_RIA_cross_domain_policy_%28OTG-CONFIG-008%29
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://www.reddit.com/r/telnet/comments/4i3w20/found_vizio_m55c3_telnet_access/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.robtex.com/en/advisory/ip/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.robtex.com/ip-lookup/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.robtex.com/ip-lookup/).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/archive/1/523424
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/38197
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/40343
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/40403
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/42342
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/44562
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/48539
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/49303
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.securityfocus.com/bid/49957
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://www.sharxsecurity.com/products.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.ssa.gov/history/ssn/misused.html
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Syn
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	String found in binary or memory: https://www.systutorials.com/docs/linux/man/8-rotctld/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.team-cymru.org/Services/ip-to-asn.html)
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.tenable.com/plugins/nessus/48340
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.tenable.com/plugins/nessus/55976
Source: nmap-service-probes.0.dr	String found in binary or memory: https://www.trendnet.com/kb/kbp_viewquestion.asp?ToDo=view&questId=1350&catId=516
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://www.virustotal.com/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/ana
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	String found in binary or memory: https://zeustracker.abuse.ch/ztdns.php

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Code function: 0_2_0040514B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040514B

System Summary:

Contains functionality to shutdown / reboot the system

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Code function: 0_2_0040326C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,ReadCabinetState,ReadCabinetState,ReadCabinetState,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040326C

Detected potential crypto function

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_0040495C		0_2_0040495C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_0040635D		0_2_0040635D

PE file contains strange resources

Show sources

Source: nmap-7.80-setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: nmap-7.80-setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: nmap-7.80-setup.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Sample file is different than original file name gathered from version info

Show sources

Source: nmap-7.80-setup.exe, 00000000.00000002.4755105503.00000000001E0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameOLEACCRC.DLLj% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamenmap.exe* vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamezlibwapi.dll2 vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamelibeay32.dllH vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamessleay32.dllH vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4760743215.0000000003130000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4760837232.0000000003340000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameimageres.DLL.MUIj% vs nmap-7.80-setup.exe
Source: nmap-7.80-setup.exe, 00000000.00000002.4768021527.00000000056F0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameimageres.DLLj% vs nmap-7.80-setup.exe

Yara signature match

Show sources

Source: C:\Program Files (x86)\Nmap\nmap.exe, type: DROPPED	Matched rule: iKAT_tools_nmap date = 05.11.14, author = Florian Roth, description = Generic rule for NMAP - based on NMAP 4 standalone, license = https://creativecommons.org/licenses/by-nc/4.0/, score = http://ikat.ha.cked.net/Windows/functions/ikatfiles.html, hash = d0543f365df61e6ebb5e345943577cc40fca8682
Source: C:\Users\user\AppData\Local\Temp\nsi8931.tmp, type: DROPPED	Matched rule: iKAT_tools_nmap date = 05.11.14, author = Florian Roth, description = Generic rule for NMAP - based on NMAP 4 standalone, license = https://creativecommons.org/licenses/by-nc/4.0/, score = http://ikat.ha.cked.net/Windows/functions/ikatfiles.html, hash = d0543f365df61e6ebb5e345943577cc40fca8682

Binary contains paths to development resources

Show sources

Source: nmap-7.80-setup.exe

Binary or memory string: .SlN`

Classification label

Show sources

Source: classification engine

Classification label: sus24.troj.evad.winEXE@1/289@0/0

Contains functionality to check free disk space

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Code function: 0_2_0040441B GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040441B

Contains functionality to instantiate COM classes

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Code function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,

0_2_00402053

Creates files inside the program directory

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File created: C:\Program Files (x86)\Nmap

Jump to behavior

Creates temporary files

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File created: C:\Users\user\AppData\Local\Temp\nsi8894.tmp

Jump to behavior

PE file has an executable .text section and no other executable section

Show sources

Source: nmap-7.80-setup.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Reads ini files

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File read: C:\Users\desktop.ini

Jump to behavior

Reads software policies

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Sample reads its own file content

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File read: C:\Users\user\Desktop\nmap-7.80-setup.exe

Jump to behavior

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Writes ini files

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File written: C:\Users\user\AppData\Local\Temp\nsi8932.tmp\shortcuts.ini

Jump to behavior

Found GUI installer (many successful clicks)

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Automated click: I Agree
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Automated click: Next >
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Automated click: Install

Found installer window with terms and condition text

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Window detected: I &AgreeCancelNullsoft Install System v2.51 Nullsoft Install System v2.51License AgreementPlease review the license terms before installing Nmap.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Nmap is distributed.IMPORTANT NMAP LICENSE TERMSThe Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap Project"). Nmap is also a registered trademark of the Nmap Project. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 ("GPL") BUT ONLY WITH ALL OF THE CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN. This guarantees your right to use modify and redistribute this software under certain conditions. If you wish to embed Nmap technology into proprietary software we sell alternative licenses (contact sales@nmap.com). Dozens of software vendors already license Nmap technology such as host discovery port scanning OS detection version detection and the Nmap Scripting Engine.Note that the GPL places important restrictions on "derivative works" yet it does not provide a detailed definition of that term. To avoid misunderstandings we interpret that term as broadly as copyright law allows. For example we consider an application to constitute a derivative work for the purpose of this license if it does any of the following with any software or content covered by this license ("Covered Software"):o Integrates source code from Covered Software.o Reads or includes copyrighted data files such as Nmap's nmap-os-db or nmap-service-probes.o Is designed specifically to execute Covered Software and parse the results (as opposed to typical shell or execution-menu apps which will execute anything you tell them to).o Includes Covered Software in a proprietary executable installer. The installers produced by InstallShield are an example of this. Including Nmap with other software in compressed or archival form does not trigger this provision provided appropriate open source decompression or de-archiving software is widely available for no charge. For the purposes of this license an installer is considered to include Covered Software even if it actually retrieves a copy of Covered Software from another source during runtime (such as by downloading it from the Internet).o Links (statically or dynamically) to a library which does any of the above.o Executes a helper program module or script to do any of the above.This list is not exclusive but is meant to clarify our interpretation of derived works with some common examples. Other people may interpret the plain GPL differently so we consider this a special exception to the GPL that we apply to Covered Software. Works which meet any of these conditions must conform to all of the terms of this license particularly including the GPL Section 3 requirements of providing source code and allowing free redistribution of the work as a whole.As another sp

PE / OLE file has a valid certificate

Show sources

Source: nmap-7.80-setup.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Show sources

Source: nmap-7.80-setup.exe

Static file information: File size 26922800 > 1048576

Binary contains paths to debug symbols

Show sources

Source:	Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\ssleay32.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source:	Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\ssleay32.pdbAA source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source:	Binary string: C:\cygwin\home\nmap\nmap-7.80\libssh2\win32\Release_dll\libssh2.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp
Source:	Binary string: C:\cygwin\home\nmap\openssl-1.0.2s\out32dll\libeay32.pdb source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp, libeay32.dll.0.dr
Source:	Binary string: C:\cygwin\home\nmap\nmap-7.80\libssh2\win32\Release_dll\libssh2.pdb$$ source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp

Data Obfuscation:

PE file contains an invalid checksum

Show sources

Source: nmap-7.80-setup.exe

Static PE information: real checksum: 0x19b96f8 should be:

Persistence and Installation Behavior:

Drops PE files

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\nmap.exe	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\zlibwapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\libssh2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\ssleay32.dll	Jump to dropped file

Creates license or readme file

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\3rd-party-licenses.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\LIBLINEAR-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\Libdnet-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\Lua-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\OpenSSL-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\PCRE-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\WinPcap-license.txt	Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File created: C:\Program Files (x86)\Nmap\licenses\zlib-license.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion:

Contain functionality to detect virtual machines

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse	0_2_00401751
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse	0_2_00401B23
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file. Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.	0_2_004024F1

Contains capabilities to detect virtual machines

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

File opened / queried: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse

Jump to behavior

Found dropped PE file which has not been started or loaded

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Nmap\nmap.exe	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Nmap\zlibwapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Nmap\libssh2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Nmap\libeay32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Nmap\ssleay32.dll	Jump to dropped file

Checks the free space of harddrives

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior

Contains functionality to enumerate / list files inside a directory

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_00405646 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405646
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_0040601C FindFirstFileA,FindClose,	0_2_0040601C
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	Code function: 0_2_00402671 FindFirstFileA,	0_2_00402671

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 501 Not Implemented\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 54\r\n\r\n<HTML><BODY><H1>501 Not Implemented</H1></BODY></HTML>$\| p/VMware ESXi 4.1 Server httpd/ cpe:/o:vmware:esxi:4.1/
Source: nmap-service-probes.0.dr	Binary or memory string: match vmware-print m\|^\r\0\0+$\| p/VMware virtual printing service/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: table.insert(response, "VMWare path traversal (CVE-2009-3733): VULNERABLE")
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| copyright: Copyright (C) 2007-2011 VMware, Inc.
Source: nmap-service-probes.0.dr	Binary or memory string: match ssl/vmware-auth m\|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL [rR]equired, MKSDisplayProtocol:VNC(?: ,)? \r\n\| p/VMware Authentication Daemon/ v/$1/ i/Uses VNC/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.<title>VMwareView Portal</title>\|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.dr	Binary or memory string: # Vmware ESX 1.5.x Client Agent for Linux -- WAIT - I think this is erronous and is actually smux
Source: nmap-service-probes.0.dr	Binary or memory string: # VMware has a buch of different auth settings so this gets messy
Source: nmap-service-probes.0.dr	Binary or memory string: match ssl/vmware-auth m\|^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required\r\n\| p/VMware Authentication Daemon/ v/$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+):(\d+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$\| p/VMware vCenter Converter httpd/ i\|redirect to tcp/$2\| h/$1/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon View</title>\r\n\| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.dr	Binary or memory string: match vmware-auth m\|^220 VMware Authentication Daemon Version (\d[-.\w]+).*\r\n530 Please login with USER and PASS\.\r\n\|s p/VMware Authentication Daemon/ v/$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| VMWare path traversal (CVE-2009-3733): VULNERABLE
Source: nmap-service-probes.0.dr	Binary or memory string: match ssl/vmware-auth m=^220 VMware Authentication Daemon Version (\d[-.\w]+): SSL Required, ServerDaemonProtocol:(SOAP\|IPC), MKSDisplayProtocol:VNC= p/VMware Authentication Daemon/ v/$1/ i/Uses VNC, $2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: result, body = get_file(host, port, "/etc/vmware/hostd/vmInventory.xml");
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*<title>VMware View</title>\|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	Binary or memory string: vmnet175/tcp0.000000
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$\| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	Binary or memory string: mshvlm6600/tcp0.000152# Microsoft Hyper-V Live Migration
Source: nmap-7.80-setup.exe, 00000000.00000002.4755186020.0000000000409000.00000004.00020000.sdmp	Binary or memory string: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseg.nsee.nse
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware Converter">\|s p/VMware vCenter Converter httpd/ v/4/
Source: nmap-service-probes.0.dr	Binary or memory string: match vmware-auth m=^220 VMware Authentication Daemon Version (\d[-.\w]+), ServerDaemonProtocol:(SOAP\|IPC), MKSDisplayProtocol:VNC= p/VMware Authentication Daemon/ v/$1/ i/Uses VNC, $2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: --local function parse_vmware_conf(str, field)
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\n.*\r\n<title>Welcome to VMware VirtualCenter ([\d.]+)</title>\|s p/VMware VirtualCenter httpd/ v/$1/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*<title>VMware View Portal</title>\|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware View</title>\| p/VMware View Manager httpd/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /vmware/Windows 2003/Windows 2003.vmx
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 404 Not Found\r\n(?:[^\r\n]+\r\n)?Expires: Thu, 01-Jan-1970 00:00:00 GMT\r\n.<title>VMware vCloud Director</title>\|s p/VMware vCloud Director/ cpe:/a:vmware:vcloud_director/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n <title>VMware Horizon</title>\| p/VMware Horizon/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vSphere\|s p/VMware vSphere http config/
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp, nmap-service-probes.0.dr	Binary or memory string: match qemu-vlan m\|^\0\0\0qj\x81n0\x81k\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa4\x81\^0\\\xa0\x07\x03\x05\0P\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xa5\x11\x18\x0f19700101000000Z\| p/QEMU VLAN listener/ cpe:/a:qemu:qemu/
Source: nmap-service-probes.0.dr	Binary or memory string: match ldap m\|^0\x82\x05.\x02\x01.vmwPlatformServicesControllerVersion1\x07\x04\x05([\d.]+)0.\x04.\nserverName1.\x04.cn=([^,.]+)\|s p/VMware vCenter or PSC LDAP/ v/PSCv $1/ h/$2/ cpe:/a:vmware:server/
Source: nmap-service-probes.0.dr	Binary or memory string: # Seen for OpenPegasus, VMware ESX CIM server, Microsoft SCX CIM Server.
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 \d\d\d .content=\"VMware Server is virtual infrastructure software.\n\n<title>VMware Server ([-\w_.]+)</title>\|s p/VMware Server http config/ v/$1/ cpe:/a:vmware:server:$1/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 400 Bad Request\r\nServer: sfcHttpd\r\nContent-Length: 0\r\n\r\n$\| p/sfcHttpd/ i/VMware Studio VAMI CIM broker/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 0\r\n\r\n$\| p/VMware VirtualCenter Web service/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\n\r\nMissing route token in request\| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.dr	Binary or memory string: match vmware-aam m\|^\0\0..\x01\0\0\0\x03\x03\x01\x03@\xe4\x01\x02\0..\0\xfe\xff\xff\xff\0\0d\0\0..\0\xfe\xff\xff\xff\0\0d\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x8fd\0\0...\t\0\0\0\0.\0\0\0.\0\0\0..\0\0.\0\0\0\x6b\x1f\0\0\0\0\0\0\x02\0\0\0\x8fc\0\0...\t\0\0\0\0\.\0\0\0\0\0\0\0\| p/VMware Automated Availability Manager/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate: [^\r\n]+\r\n(?:Connection: \S+)?\r\nContent-Type: text/html\r\n(?:X-Frame-Options: DENY\r\n)?Content-Length: \d+\r\n\r\n.*<meta name="description" content="VMware vCenter Converter Standalone">\|s p/VMware vCenter Converter httpd/ v/4.3/
Source: nmap-service-probes.0.dr	Binary or memory string: # VMware vSphere (VMware workstation 8.0.2 build-591240)
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 50\r\n\r\n<HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>$\| p/VMware Server http config/ cpe:/a:vmware:server/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| http-vmware-path-vuln:
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf8">\n <meta http-equiv="refresh" content="0;URL='/ui'"/>\n</head>\n</html>\n\| p/VMware ESXi Web UI/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate:.*<title>Welcome to VMware ESX Server ([\d.]+)</title>\n\n\|s p/VMware ESX Server httpd/ v/$1/ cpe:/o:vmware:esx:$1/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nContent-Language: en-US\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[A-F\d]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\n(?:Strict-Transport-Security: max-age=31536000\r\n)?\r\n\r\r\n\r\r\n<!DOCTYPE html>\r\r\n<html lang="en">\r\r\n<head>\r\r\n <meta charset="utf-8">\r\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\r\n <title>VMware Horizon View</title>\| p/VMware Horizon View/ cpe:/a:vmware:horizon_view/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 16\r\n\r\ninvalid value 0 $\| p/VMware hostd httpd/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\n.*VMware Server provides a virtual machine platform, which can be managed by VMware VirtualCenter Server\.\">\r\n\r\n<title>VMware Server 2</title>\|s p/VMware Server http config/ v/2/ cpe:/a:vmware:server:2/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx
Source: nmap-service-probes.0.dr	Binary or memory string: match afp m\|^\x01\x03\0\0........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].\tVMware7,1\x04\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03.\tDHCAST128\x04DHX2\x06Recon1\rClient\x20Krb\x20v2\0\0.[\x04\x05]([\w.-]+)\x01.afpserver/([\w.@-]+)\0\|s p/Apple AFP/ i/name: $1; afpserver: $3; protocol 3.1; Mac OS X 10.6.3/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \|_ /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w_.-]+)/nice%20ports%2C/Tri%6Eity\.txt%2ebak\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$\| p/VMware ESX 4.0 Server httpd/ h/$1/ cpe:/o:vmware:esx:4.0/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\nDate: .*document\.write\(\"<title>\" \+ ID_EE?SX_Welcome \+ \"</title>\|s p/VMware ESXi Server httpd/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.dr	Binary or memory string: match ssl m\|^\x16\x03\0\0\\x02\0\0&\x03.vCenterServer_([\w._-]+)\|s p/VMware ESXi Server httpd/ v/$1/ cpe:/o:vmware:esxi:$1/
Source: nmap-7.80-setup.exe	Binary or memory string: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 200\r\nSet-Cookie: JSESSIONID=[A-F\d]{32};path=/;Secure;HttpOnly\r\nContent-Length: \d+\r\nContent-Language: en-US\r\nContent-Type: text/html;charset=UTF-8\r\n#status#: HTTP/1\.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: deny\r\nX-XSS-Protection: 1; mode=block\r\n\r\n\r\n\r\n\r\n<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <meta http-equiv="X-UA-Compatible" content="IE=edge">\r\n <title>VMware Horizon</title>\| p/VMware Horizon/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\n.document\.write$\"<title>\" \+ ID_VC_Welcome \+ \"</title>\"$;.<meta name=\"description\" content=\"VMware VirtualCenter\|s p/VMware Server http config/
Source: nmap-7.80-setup.exe	Binary or memory string: Error opening file for writing: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nseClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://([^:]+):443/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>\| p/VMWare Horizon/ h/$1/ cpe:/a:vmware:horizon/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\n(?:[^\r\n]+\r\n)?Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.<title>VMware View Portal</title>\|s p/VMware View Manager httpd/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n<HTML><BODY><H1>301 Moved Permanently</H1></BODY></HTML>$\| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/
Source: nmap-service-probes.0.dr	Binary or memory string: match ssl m\|^\x16\x03\0\0\\x02\0\0&\x03.\nCalifornia.\tPalo Alto.\x0cVMware, Inc\..*\x1bVMware Management Interface\|s p/VMware management interface SSLv3/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx
Source: nmap-7.80-setup.exe, 00000000.00000002.4755209936.000000000040F000.00000004.00020000.sdmp	Binary or memory string: http-vmware-path-vuln.nse
Source: nmap-7.80-setup.exe, 00000000.00000002.4757929659.0000000002841000.00000004.00000001.sdmp	Binary or memory string: vmnet175/udp0.000379
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- \| /vmware/Pentest/Pentest - Windows/Windows 2003.vmx
Source: nmap-service-probes.0.dr	Binary or memory string: match qemu-vlan m\|^\0\0\x01V\xff\xff\xff\xff\xff\xffRT\0\x124V\x08\0E.\x01H...\0.\x11..\0\0\0\0\xff\xff\xff\xff\0D\0C\x014.{1,2}\x01\x01\x06\0......\0{18}RT\0\x124V\0{202}c\x82Sc5\x01\|s p/QEMU VLAN listener/ cpe:/a:qemu:qemu/
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n\|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/
Source: nmap-7.80-setup.exe	Binary or memory string: C:\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 307 Temporary Redirect\r\nLocation: https://[^/]+/\r\nDate: .*\r\nContent-Length: 1994\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<title>VMware Horizon</title>\| p/VMWare Horizon/ cpe:/a:vmware:horizon/
Source: nmap-7.80-setup.exe, 00000000.00000002.4759212842.0000000002BE6000.00000004.00000001.sdmp	Binary or memory string: -- nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>
Source: nmap-service-probes.0.dr	Binary or memory string: match telnet m\|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0QEMU ([\w._-]+) monitor - type 'help' for more information\r\n$qemu$ \| p/QEMU monitor telnetd/ v/$1/ cpe:/a:qemu:qemu:$1/
Source: nmap-7.80-setup.exe, 00000000.00000002.4755209936.000000000040F000.00000004.00020000.sdmp	Binary or memory string: http-vmware-path-vuln.nseg.nsee.nse32.tmp\final.iniini
Source: nmap-service-probes.0.dr	Binary or memory string: match afp m\|^\x01\x03\0\0........\0\0\0\0........\x9f\xf3.([^\0\x01]+).*?VMware(\d+),(\d+)\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\|s p/Apple AFP/ i/name: $1; protocol 3.4; VMware $2.$3/ o/Mac OS X/ cpe:/a:apple:afp_server/ cpe:/o:apple:mac_os_x/a
Source: nmap-service-probes.0.dr	Binary or memory string: match afp m\|^\x01\x03\0\0........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].VMware(\d+),(\d+)\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.\x1b\$not_defined_in_RFC4178@please_ignore$\|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; VMware $2.$3/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
Source: nmap-7.80-setup.exe, 00000000.00000002.4755333799.0000000000446000.00000004.00020000.sdmp	Binary or memory string: :\Program Files (x86)\Nmap\scripts\http-vmware-path-vuln.nse
Source: nmap-service-probes.0.dr	Binary or memory string: match http m\|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: 1573\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=9A69859878EF80D2D98913D0A75EA0CD; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\npragma: no-cache\r\n.*\r\n<html>\r\n<head>\r\n<title>VMware Horizon View</title>\r\n\|s p/VMware Horizon View/ cpe:/a:vmware:horizon_view/

Program exit points

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	API call chain: ExitProcess graph end node			graph_0-3456
Source: C:\Users\user\Desktop\nmap-7.80-setup.exe	API call chain: ExitProcess graph end node			graph_0-3458

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: nmap-7.80-setup.exe, 00000000.00000002.4756195318.0000000000DE0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query windows version

Show sources

Source: C:\Users\user\Desktop\nmap-7.80-setup.exe

Code function: 0_2_00405D43 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405D43

Remote Access Functionality:

Contains VNC / remote desktop functionality (version string found)

Show sources

Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n$\| p/VNC/ i/protocol 3.$1/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x1aToo many security failures$\| p/VNC/ i/protocol 3.$1; Locked out/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003.130\n$\| p/VNC/ i/unofficial protocol 3.130/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.88[89]\n$\| p/Apple remote desktop vnc/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 000\.000\n$\| p/Ultr@VNC Repeater/ cpe:/a:ultravnc:repeater/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0jServer license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a licence\.\| p/RealVNC/ i/Unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0nVNC Server license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.\| p/RealVNC/ i/Unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0\x8cLa licencia de VNC Server no se ha activado correctamente\.\n\nNo se permitir\xc3\xa1n conexiones hasta que se aplique una clave de licencia v\xc3\xa1lida\.\| p/RealVNC/ i/Unlicensed; protocol 3.$1; Spanish/ cpe:/a:realvnc:realvnc::::es/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0MTrial period has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.\| p/RealVNC/ i/Trial expired; protocol 3.$1/ cpe:/a:realvnc:realvnc/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 004\.000\n\| p/RealVNC Personal/ i/protocol 4.0/ cpe:/a:realvnc:realvnc:::personal/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 004\.001\n\| p/RealVNC Enterprise/ i/protocol 4.1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 005\.000\n\| p/RealVNC Enterprise/ v/5.3 or later/ i/protocol 5.0/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0:Unable to open license file: No such file or directory $2$\| p/RealVNC Enterprise Edition/ i/protocol 3.$1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0jServer license key is missing, invalid or has expired\.\nVisit http://www\.realvnc\.com to purchase a license\.\| p/RealVNC Enterprise/ i/protocol 3.$1/ cpe:/a:realvnc:realvnc:::enterprise/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 009\.123\n\| p/ATEN KVM-over-IP VNC/ d/remote management/
Source: nmap-service-probes.0.dr	String found in binary or memory: match vnc m\|^RFB 003\.00(\d)\n\0\0\0\0\0\0\0kVNC Server is not licensed correctly\.\n\nConnections will be prohibited until a valid license key is applied\.\| p/RealVNC/ i/unlicensed; protocol 3.$1/ cpe:/a:realvnc:realvnc/

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
nmap-7.80-setup.exe	1%	Virustotal		Browse
nmap-7.80-setup.exe	0%	Metadefender		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\Nmap\libeay32.dll	0%	Virustotal		Browse
C:\Program Files (x86)\Nmap\libeay32.dll	0%	Metadefender		Browse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.csie.ntu.edu.tw/~cjlin/liblinear/	1%	Virustotal		Browse
http://www.csie.ntu.edu.tw/~cjlin/liblinear/	0%	Avira URL Cloud	safe
http://www.nazgul.ch/dev_nostromo.html	0%	Virustotal		Browse
http://www.nazgul.ch/dev_nostromo.html	0%	Avira URL Cloud	safe
http://www.some-random-page.com/2011/12/04/feed/	0%	Avira URL Cloud	safe
http://192.168.1.162/auth2/index.html	0%	Avira URL Cloud	safe
http://www.beaconmedaes.com	1%	Virustotal		Browse
http://www.beaconmedaes.com	0%	Avira URL Cloud	safe
http://underground.org.mx)	0%	Avira URL Cloud	safe
https://www.sharxsecurity.com/products.html	0%	Virustotal		Browse
https://www.sharxsecurity.com/products.html	0%	Avira URL Cloud	safe
http://www.qosient.com/argus/	0%	Virustotal		Browse
http://www.qosient.com/argus/	0%	Avira URL Cloud	safe
http://www.inside-security.de/fw1_rdp_poc.html	0%	Avira URL Cloud	safe
http://freenetproject.org/fcp.html	0%	Avira URL Cloud	safe
http://purenetworks.com/HNAP1/GetDeviceSettings	0%	Virustotal		Browse
http://purenetworks.com/HNAP1/GetDeviceSettings	0%	Avira URL Cloud	safe
http://titanfiesta.googlecode.com/svn/trunk/TitanFiesta/Common/XorTable.h.	0%	Avira URL Cloud	safe
http://%s/wpad.dat	0%	Avira URL Cloud	safe
http://www.some-random-page.com/2011/11/20/feed/	0%	Avira URL Cloud	safe
http://scanme.insecure.org)	0%	Avira URL Cloud	safe
http://www.st.rim.or.jp/~nakata/	0%	Virustotal		Browse
http://www.st.rim.or.jp/~nakata/	0%	Avira URL Cloud	safe
http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup	0%	Avira URL Cloud	safe
https://wiki.freenetproject.org/FCPv2	0%	Avira URL Cloud	safe
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability	0%	Avira URL Cloud	safe
http://purenetworks.com/HNAP1/SetDeviceSettings	0%	Virustotal		Browse
http://purenetworks.com/HNAP1/SetDeviceSettings	0%	Avira URL Cloud	safe
http://purenetworks.com/HNAP1/GetDeviceSettings2	0%	Virustotal		Browse
http://purenetworks.com/HNAP1/GetDeviceSettings2	0%	Avira URL Cloud	safe
https://m.some-very-random-website.com	0%	Avira URL Cloud	safe
http://www.icbevr.com/ibank/ibank2/	0%	Avira URL Cloud	safe
http://www.acarsd.org/	0%	Virustotal		Browse
http://www.acarsd.org/	0%	Avira URL Cloud	safe
http://some-very-random-page.com:80/	0%	Avira URL Cloud	safe
http://www.0php.com/php_easter_egg.php.	0%	Virustotal		Browse
http://www.0php.com/php_easter_egg.php.	0%	Avira URL Cloud	safe
http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa	0%	Avira URL Cloud	safe
http://docs.getisymphony.com/display/ISYM28/Status	0%	Avira URL Cloud	safe
http://wiki.gnashdev.org/RTMP	0%	Avira URL Cloud	safe
http://www.crynwr.com/crynwr/rfc1035/rfc1035.html	0%	Avira URL Cloud	safe
http://phpsadness.com/sad/11	0%	Virustotal		Browse
http://phpsadness.com/sad/11	0%	Avira URL Cloud	safe
http://www.brainz.co.kr/product/infra_05.php	0%	Virustotal		Browse
http://www.brainz.co.kr/product/infra_05.php	0%	Avira URL Cloud	safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\Nmap\nmap.exe	iKAT_tools_nmap	Generic rule for NMAP - based on NMAP 4 standalone	Florian Roth	0x27ea48:$s0: Insecure.Org 0x27eb14:$s1: Copyright (c) Insecure.Com 0xc9df1:$s2: Nmap 0xcaef8:$s2: nmap 0xcaf1c:$s2: nmap 0xcb0c0:$s2: NMAP 0xcb0cc:$s2: nmap 0xcb0dd:$s2: NMAP 0xcb108:$s2: NMAP 0xcb2d8:$s2: nmap 0xcb2ec:$s2: Nmap 0xcb30c:$s2: nmap 0xcb397:$s2: nmap 0xcc74c:$s2: Nmap 0xcc846:$s2: Nmap 0xcc965:$s2: nmap 0xcc977:$s2: nmap 0xcc982:$s2: nmap 0xcc9aa:$s2: nmap 0xcc9e0:$s2: nmap 0xcd640:$s2: nmap
C:\Users\user\AppData\Local\Temp\nsi8931.tmp	iKAT_tools_nmap	Generic rule for NMAP - based on NMAP 4 standalone	Florian Roth	0xc2a9ee:$s0: Insecure.Org 0xc2aaba:$s1: Copyright (c) Insecure.Com 0x1be3d:$s2: Nmap 0x1be4b:$s2: Nmap 0x1be7f:$s2: Nmap 0x1be9f:$s2: NMAP 0x1beb7:$s2: Nmap 0x1bef5:$s2: Nmap 0x1bf05:$s2: Nmap 0x1bf30:$s2: Nmap 0x1c0ba:$s2: Nmap 0x1c111:$s2: nmap 0x1c147:$s2: Nmap 0x1c1a7:$s2: Nmap 0x1c3d6:$s2: Nmap 0x1c3dd:$s2: nmap 0x1c3eb:$s2: nmap 0x1c545:$s2: Nmap 0x1c9a0:$s2: Nmap 0x1cab1:$s2: Nmap 0x1cb6e:$s2: Nmap

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files (x86)\Nmap\zlibwapi.dll	https://nmap.org/dist/nmap-7.80-setup.exe	Get hash	malicious	Browse
C:\Program Files (x86)\Nmap\libssh2.dll	https://nmap.org/dist/nmap-7.80-setup.exe	Get hash	malicious	Browse
C:\Program Files (x86)\Nmap\libeay32.dll	https://nmap.org/dist/nmap-7.80-setup.exe	Get hash	malicious	Browse
C:\Program Files (x86)\Nmap\nmap.exe	https://nmap.org/dist/nmap-7.80-setup.exe	Get hash	malicious	Browse

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report nmap-7.80-setup.exe

Overview

General Information

Detection

Confidence

Classification Spiderchart

Analysis Advice

Mitre Att&ck Matrix

Signature Overview

Cryptography:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Remote Access Functionality:

Malware Configuration

Behavior Graph

Simulations

Behavior and APIs

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots

Thumbnails