Source: Yara match |
File source: 00000004.00000002.509333754.0000000003F73000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.505217823.0000000002F21000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Source: Yara match |
File source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.140.53.207 |
Source: Yara match |
File source: 00000004.00000002.509333754.0000000003F73000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.505217823.0000000002F21000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Source: Yara match |
File source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.509509822.00000000047EE000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.505295151.0000000002F8C000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.510056845.0000000004A34000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.509942877.00000000049FA000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000004.00000002.512849217.00000000055C0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 4.2.MSBuild.exe.55c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290480 |
0_2_03290480 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290968 |
0_2_03290968 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290ED8 |
0_2_03290ED8 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03297D68 |
0_2_03297D68 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_0329C7C0 |
0_2_0329C7C0 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290470 |
0_2_03290470 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290958 |
0_2_03290958 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03290EC8 |
0_2_03290EC8 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_03297D59 |
0_2_03297D59 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_06A1CE78 |
0_2_06A1CE78 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_06A1C510 |
0_2_06A1C510 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_06A10006 |
0_2_06A10006 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_06A10040 |
0_2_06A10040 |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Code function: 0_2_06A169D3 |
0_2_06A169D3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_053BE471 |
4_2_053BE471 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_053BE480 |
4_2_053BE480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_053BBBD4 |
4_2_053BBBD4 |
Source: New PO 64739 (UK).exe |
Binary or memory string: OriginalFilename vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000000.236804694.0000000000F42000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameD0I8.exeP vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameKedermister.dllT vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000002.274713965.0000000006FF0000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000002.274836383.00000000070F0000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000002.274836383.00000000070F0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe, 00000000.00000002.264745155.00000000016F8000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs New PO 64739 (UK).exe |
Source: New PO 64739 (UK).exe |
Binary or memory string: OriginalFilenameD0I8.exeP vs New PO 64739 (UK).exe |
Source: 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.509509822.00000000047EE000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.505295151.0000000002F8C000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.510056845.0000000004A34000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.509942877.00000000049FA000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000004.00000002.512849217.00000000055C0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000004.00000002.512849217.00000000055C0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 4.2.MSBuild.exe.55c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.MSBuild.exe.55c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: |
Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: MSBuild.exe, 00000004.00000002.509509822.00000000047EE000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
Source: |
Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
Source: |
Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
Source: |
Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
Source: 4.2.MSBuild.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs |
High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs=' |
Source: 4.2.MSBuild.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs |
High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK' |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: New PO 64739 (UK).exe, 00000000.00000002.265011054.00000000032E1000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: New PO 64739 (UK).exe, 00000000.00000002.265011054.00000000032E1000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: New PO 64739 (UK).exe, 00000000.00000002.265011054.00000000032E1000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II|update users set password = @password where user_id = @user_id |
Source: MSBuild.exe, 00000004.00000002.504816638.000000000134C000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/ |
Source: New PO 64739 (UK).exe, 00000000.00000002.265011054.00000000032E1000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: MSBuild.exe, 00000004.00000002.509159099.0000000003583000.00000004.00000001.sdmp |
Binary or memory string: Program Manager |
Source: MSBuild.exe, 00000004.00000002.505036371.0000000001920000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: MSBuild.exe, 00000004.00000002.505036371.0000000001920000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: MSBuild.exe, 00000004.00000002.505036371.0000000001920000.00000002.00000001.sdmp |
Binary or memory string: SProgram Managerl |
Source: MSBuild.exe, 00000004.00000002.505036371.0000000001920000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: MSBuild.exe, 00000004.00000002.505036371.0000000001920000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: MSBuild.exe, 00000004.00000002.505295151.0000000002F8C000.00000004.00000001.sdmp |
Binary or memory string: Program ManagerHa |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Users\user\Desktop\New PO 64739 (UK).exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\New PO 64739 (UK).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: 00000004.00000002.509333754.0000000003F73000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.502584081.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.505217823.0000000002F21000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.267084624.0000000004332000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: New PO 64739 (UK).exe PID: 1308, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 6016, type: MEMORY |
Source: Yara match |
File source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: New PO 64739 (UK).exe, 00000000.00000002.266893873.00000000042E1000.00000004.00000001.sdmp |
String found in binary or memory: NanoCore.ClientPluginHost |
Source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
String found in binary or memory: NanoCore.ClientPluginHost |
Source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll |
Source: MSBuild.exe, 00000004.00000002.510190949.0000000004B1F000.00000004.00000001.sdmp |
String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademark |